Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-14540 (GCVE-0-2019-14540)
Vulnerability from cvelistv5 – Published: 2019-09-15 21:45 – Updated: 2024-08-05 00:19
VLAI
EPSS
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
35 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
},
{
"name": "DSA-4542",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/6"
},
{
"name": "FEDORA-2019-b171554877",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "FEDORA-2019-cf87377f5f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
},
{
"name": "DSA-4542",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/6"
},
{
"name": "FEDORA-2019-b171554877",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "FEDORA-2019-cf87377f5f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
},
{
"name": "DSA-4542",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
},
{
"name": "FEDORA-2019-b171554877",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "FEDORA-2019-cf87377f5f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2449",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2449"
},
{
"name": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2410",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2410"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14540",
"datePublished": "2019-09-15T21:45:22.000Z",
"dateReserved": "2019-08-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:19:41.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-14540",
"date": "2026-06-07",
"epss": "0.06454",
"percentile": "0.91244"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.6.7.3\", \"matchCriteriaId\": \"7036DA13-110D-40B3-8494-E361BBF4AFCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.7.0\", \"versionEndExcluding\": \"2.8.11.5\", \"matchCriteriaId\": \"5F83B193-74CF-459A-8055-AE0F033D5BCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.9.0\", \"versionEndExcluding\": \"2.9.10\", \"matchCriteriaId\": \"FE5543DD-3F9D-45EF-8034-E1EF9657955A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2BEE49E-A5AA-42D3-B422-460454505480\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4FF66F7-10C8-4A1C-910A-EF7D12A4284C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35AD0C07-9688-4397-8D45-FBB88C0F0C11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"282150FF-C945-4A3E-8A80-E8757A8907EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"727DF4F5-3D21-491E-96B9-EC973A6C9C18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.2\", \"versionEndIncluding\": \"8.0.8\", \"matchCriteriaId\": \"51433748-DED0-416D-8BFE-F3493E13772E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.2.0.3.23\", \"matchCriteriaId\": \"F6455EB1-C741-45E8-A53E-E7AD7A5D00EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.0.1.0\", \"versionEndExcluding\": \"12.2.0.1.19\", \"matchCriteriaId\": \"BFD43191-E67F-4D1B-967B-3C7B20331945\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.9.4.0.0\", \"versionEndExcluding\": \"13.9.4.2.1\", \"matchCriteriaId\": \"062C588A-CBBA-470F-8D11-2F961922E927\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7BE0590-31BD-4FCD-B50E-A5F86196F99E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.1.0.0.1\", \"matchCriteriaId\": \"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.7.0\", \"versionEndIncluding\": \"5.7.30\", \"matchCriteriaId\": \"E1A68EF8-15AA-42A7-9734-6F9470EB35CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.20\", \"matchCriteriaId\": \"0E1A3769-E443-4511-B349-B5304F5E6EBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CBFA960-D242-43ED-8D4C-A60F01B70740\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9E628E7-6CC5-418C-939F-8EEA69B222A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0513B305-97EF-4609-A82E-D0CDFF9925BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DFB9704-6B99-4113-8537-E4AE0F791B86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F5647E5-B051-41A6-B186-3584C725908B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99365245-49E8-4616-BD24-CE564AC1D17E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A405B01-7DC5-41A0-9B61-C2DBE1C71A67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10864586-270E-4ACF-BDCC-ECFCD299305F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11DA6839-849D-4CEF-85F3-38FE75E07183\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCE78490-A4BE-40BD-8C72-0A4526BBD4A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55AE3629-4A66-49E4-A33D-6D81CC94962F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema de escritura polim\\u00f3rfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Est\\u00e1 relacionado con com.zaxxer.hikari.HikariConfig.\"}]",
"id": "CVE-2019-14540",
"lastModified": "2024-11-21T04:26:55.813",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-09-15T22:15:10.277",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2019:3200\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0159\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0160\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0161\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0164\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0445\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2410\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2449\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191004-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4542\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3200\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2449\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20191004-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4542\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-14540\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-09-15T22:15:10.277\",\"lastModified\":\"2024-11-21T04:26:55.813\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema de escritura polim\u00f3rfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Est\u00e1 relacionado con com.zaxxer.hikari.HikariConfig.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.6.7.3\",\"matchCriteriaId\":\"7036DA13-110D-40B3-8494-E361BBF4AFCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.8.11.5\",\"matchCriteriaId\":\"5F83B193-74CF-459A-8055-AE0F033D5BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.10\",\"matchCriteriaId\":\"FE5543DD-3F9D-45EF-8034-E1EF9657955A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BEE49E-A5AA-42D3-B422-460454505480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4FF66F7-10C8-4A1C-910A-EF7D12A4284C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35AD0C07-9688-4397-8D45-FBB88C0F0C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282150FF-C945-4A3E-8A80-E8757A8907EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"727DF4F5-3D21-491E-96B9-EC973A6C9C18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.2\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"51433748-DED0-416D-8BFE-F3493E13772E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.0.3.23\",\"matchCriteriaId\":\"F6455EB1-C741-45E8-A53E-E7AD7A5D00EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0.1.0\",\"versionEndExcluding\":\"12.2.0.1.19\",\"matchCriteriaId\":\"BFD43191-E67F-4D1B-967B-3C7B20331945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.9.4.0.0\",\"versionEndExcluding\":\"13.9.4.2.1\",\"matchCriteriaId\":\"062C588A-CBBA-470F-8D11-2F961922E927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BE0590-31BD-4FCD-B50E-A5F86196F99E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1.0.0.1\",\"matchCriteriaId\":\"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7.0\",\"versionEndIncluding\":\"5.7.30\",\"matchCriteriaId\":\"E1A68EF8-15AA-42A7-9734-6F9470EB35CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.20\",\"matchCriteriaId\":\"0E1A3769-E443-4511-B349-B5304F5E6EBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CBFA960-D242-43ED-8D4C-A60F01B70740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9E628E7-6CC5-418C-939F-8EEA69B222A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0513B305-97EF-4609-A82E-D0CDFF9925BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DFB9704-6B99-4113-8537-E4AE0F791B86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F5647E5-B051-41A6-B186-3584C725908B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99365245-49E8-4616-BD24-CE564AC1D17E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A405B01-7DC5-41A0-9B61-C2DBE1C71A67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DA6839-849D-4CEF-85F3-38FE75E07183\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE78490-A4BE-40BD-8C72-0A4526BBD4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55AE3629-4A66-49E4-A33D-6D81CC94962F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3200\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0159\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0160\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0161\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0164\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0445\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2410\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2449\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191004-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4542\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Oct/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191004-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4542\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
GSD-2019-14540
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-14540",
"description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.",
"id": "GSD-2019-14540",
"references": [
"https://www.suse.com/security/cve/CVE-2019-14540.html",
"https://www.debian.org/security/2019/dsa-4542",
"https://access.redhat.com/errata/RHSA-2020:3192",
"https://access.redhat.com/errata/RHSA-2020:2333",
"https://access.redhat.com/errata/RHSA-2020:2321",
"https://access.redhat.com/errata/RHSA-2020:2067",
"https://access.redhat.com/errata/RHSA-2020:1644",
"https://access.redhat.com/errata/RHSA-2020:0899",
"https://access.redhat.com/errata/RHSA-2020:0895",
"https://access.redhat.com/errata/RHSA-2020:0445",
"https://access.redhat.com/errata/RHSA-2020:0164",
"https://access.redhat.com/errata/RHSA-2020:0161",
"https://access.redhat.com/errata/RHSA-2020:0160",
"https://access.redhat.com/errata/RHSA-2020:0159",
"https://access.redhat.com/errata/RHSA-2019:3200",
"https://advisories.mageia.org/CVE-2019-14540.html",
"https://linux.oracle.com/cve/CVE-2019-14540.html",
"https://ubuntu.com/security/CVE-2019-14540"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-14540"
],
"details": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.",
"id": "GSD-2019-14540",
"modified": "2023-12-13T01:23:52.464386Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
},
{
"name": "DSA-4542",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/6"
},
{
"name": "FEDORA-2019-b171554877",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "FEDORA-2019-cf87377f5f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2449",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2449"
},
{
"name": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2410",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2410"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,2.9.10)",
"affected_versions": "All versions before 2.9.10",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2019-09-24",
"description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind. It is related to `com.zaxxer.hikari.HikariConfig`.",
"fixed_versions": [
"2.9.10"
],
"identifier": "CVE-2019-14540",
"identifiers": [
"CVE-2019-14540"
],
"not_impacted": "All versions starting from 2.9.10",
"package_slug": "maven/com.fasterxml.jackson.core/jackson-databind",
"pubdate": "2019-09-15",
"solution": "Upgrade to version 2.9.10 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
],
"uuid": "dccd96de-e4ca-4391-bb31-64a1f1c97904"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.11.5",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.30",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.0.3.23",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2.0.1.19",
"versionStartIncluding": "12.2.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.9.4.2.1",
"versionStartIncluding": "13.9.4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.1.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14540"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2449",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2449"
},
{
"name": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2410",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2410"
},
{
"name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190925 [GitHub] [zookeeper] maoling commented on issue #1097: ZOOKEEPER-3559 - Update Jackson to 2.9.10",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540",
"refsource": "MLIST",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191004-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0002/"
},
{
"name": "DSA-4542",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4542"
},
{
"name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Oct/6"
},
{
"name": "FEDORA-2019-b171554877",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "FEDORA-2019-cf87377f5f",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "RHSA-2020:0164",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0160",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "RHSA-2020:0159",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-09-13T14:54Z",
"publishedDate": "2019-09-15T22:15Z"
}
}
}
OPENSUSE-SU-2024:10868-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
jackson-databind-2.10.5.1-2.2 on GA media
Severity
Moderate
Notes
Title of the patch: jackson-databind-2.10.5.1-2.2 on GA media
Description of the patch: These are all security issues fixed in the jackson-databind-2.10.5.1-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10868
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
10 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jackson-databind-2.10.5.1-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jackson-databind-2.10.5.1-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10868",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10868-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11307 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12022 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12023 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14718 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14721 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7489 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12086 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12384 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12814 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14379 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14540 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14893 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16942 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17267 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17531 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20330 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25649 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35728 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20190 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20190/"
}
],
"title": "jackson-databind-2.10.5.1-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10868-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.aarch64",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.aarch64",
"product_id": "jackson-databind-2.10.5.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.ppc64le",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.ppc64le",
"product_id": "jackson-databind-2.10.5.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.s390x",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.s390x",
"product_id": "jackson-databind-2.10.5.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.x86_64",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.x86_64",
"product_id": "jackson-databind-2.10.5.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11307"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11307",
"url": "https://www.suse.com/security/cve/CVE-2018-11307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-11307"
},
{
"cve": "CVE-2018-12022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12022"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12022",
"url": "https://www.suse.com/security/cve/CVE-2018-12022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12022"
},
{
"cve": "CVE-2018-12023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12023"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12023",
"url": "https://www.suse.com/security/cve/CVE-2018-12023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12023"
},
{
"cve": "CVE-2018-14718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14718"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14718",
"url": "https://www.suse.com/security/cve/CVE-2018-14718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14718"
},
{
"cve": "CVE-2018-14721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14721"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14721",
"url": "https://www.suse.com/security/cve/CVE-2018-14721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14721"
},
{
"cve": "CVE-2018-19360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19360"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19360",
"url": "https://www.suse.com/security/cve/CVE-2018-19360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-19360"
},
{
"cve": "CVE-2018-19361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19361"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19361",
"url": "https://www.suse.com/security/cve/CVE-2018-19361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-19361"
},
{
"cve": "CVE-2018-7489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7489"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7489",
"url": "https://www.suse.com/security/cve/CVE-2018-7489"
},
{
"category": "external",
"summary": "SUSE Bug 1202327 for CVE-2018-7489",
"url": "https://bugzilla.suse.com/1202327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7489"
},
{
"cve": "CVE-2019-12086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12086"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12086",
"url": "https://www.suse.com/security/cve/CVE-2019-12086"
},
{
"category": "external",
"summary": "SUSE Bug 1202327 for CVE-2019-12086",
"url": "https://bugzilla.suse.com/1202327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-12086"
},
{
"cve": "CVE-2019-12384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12384"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12384",
"url": "https://www.suse.com/security/cve/CVE-2019-12384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12384"
},
{
"cve": "CVE-2019-12814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12814"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12814",
"url": "https://www.suse.com/security/cve/CVE-2019-12814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12814"
},
{
"cve": "CVE-2019-14379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14379"
}
],
"notes": [
{
"category": "general",
"text": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14379",
"url": "https://www.suse.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "SUSE Bug 1165035 for CVE-2019-14379",
"url": "https://bugzilla.suse.com/1165035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14379"
},
{
"cve": "CVE-2019-14439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14439"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14439",
"url": "https://www.suse.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "SUSE Bug 1165034 for CVE-2019-14439",
"url": "https://bugzilla.suse.com/1165034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14439"
},
{
"cve": "CVE-2019-14540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14540"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14540",
"url": "https://www.suse.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "SUSE Bug 1165038 for CVE-2019-14540",
"url": "https://bugzilla.suse.com/1165038"
},
{
"category": "external",
"summary": "SUSE Bug 1165039 for CVE-2019-14540",
"url": "https://bugzilla.suse.com/1165039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14540"
},
{
"cve": "CVE-2019-14893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14893"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14893",
"url": "https://www.suse.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "SUSE Bug 1157186 for CVE-2019-14893",
"url": "https://bugzilla.suse.com/1157186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14893"
},
{
"cve": "CVE-2019-16942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16942"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16942",
"url": "https://www.suse.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "SUSE Bug 1165041 for CVE-2019-16942",
"url": "https://bugzilla.suse.com/1165041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-16942"
},
{
"cve": "CVE-2019-17267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17267"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17267",
"url": "https://www.suse.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "SUSE Bug 1165044 for CVE-2019-17267",
"url": "https://bugzilla.suse.com/1165044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17267"
},
{
"cve": "CVE-2019-17531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17531"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17531",
"url": "https://www.suse.com/security/cve/CVE-2019-17531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-17531"
},
{
"cve": "CVE-2019-20330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20330"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20330",
"url": "https://www.suse.com/security/cve/CVE-2019-20330"
},
{
"category": "external",
"summary": "SUSE Bug 1160113 for CVE-2019-20330",
"url": "https://bugzilla.suse.com/1160113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-20330"
},
{
"cve": "CVE-2020-25649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25649"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25649",
"url": "https://www.suse.com/security/cve/CVE-2020-25649"
},
{
"category": "external",
"summary": "SUSE Bug 1177616 for CVE-2020-25649",
"url": "https://bugzilla.suse.com/1177616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-35728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35728"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35728",
"url": "https://www.suse.com/security/cve/CVE-2020-35728"
},
{
"category": "external",
"summary": "SUSE Bug 1180391 for CVE-2020-35728",
"url": "https://bugzilla.suse.com/1180391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35728"
},
{
"cve": "CVE-2021-20190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20190"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20190",
"url": "https://www.suse.com/security/cve/CVE-2021-20190"
},
{
"category": "external",
"summary": "SUSE Bug 1181118 for CVE-2021-20190",
"url": "https://bugzilla.suse.com/1181118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-20190"
}
]
}
RHSA-2019:3200
Vulnerability from csaf_redhat - Published: 2019-10-24 09:18 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Update 2019-10-31]
Additional jackson-databind affecting flaws were included with this release but not noted in the original publication of this advisory. Some of those flaws do not have CVE IDs assigned; the advisory has been updated to include these.
Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)
* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (no CVE assigned)
* jackson-databind: Serialization gadgets in classes of the xalan package (no CVE assigned)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to read arbitrary local files
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
47 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Update 2019-10-31]\nAdditional jackson-databind affecting flaws were included with this release but not noted in the original publication of this advisory. Some of those flaws do not have CVE IDs assigned; the advisory has been updated to include these.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (no CVE assigned) \n\n* jackson-databind: Serialization gadgets in classes of the xalan package (no CVE assigned) \n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3200",
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-amq#streams",
"url": "https://access.redhat.com/products/red-hat-amq#streams"
},
{
"category": "external",
"summary": "1713468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713468"
},
{
"category": "external",
"summary": "1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3200.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:52+00:00",
"generator": {
"date": "2026-05-14T22:24:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2019:3200",
"initial_release_date": "2019-10-24T09:18:10+00:00",
"revision_history": [
{
"date": "2019-10-24T09:18:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-10-31T16:35:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 1",
"product": {
"name": "Red Hat AMQ Streams 1",
"product_id": "Red Hat AMQ Streams 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713468"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to read arbitrary local files",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12086"
},
{
"category": "external",
"summary": "RHBZ#1713468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server."
},
{
"cve": "CVE-2019-12384",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725807"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack\u0027s OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application\u0027s ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12384"
},
{
"category": "external",
"summary": "RHBZ#1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution"
},
{
"cve": "CVE-2019-12814",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725795"
}
],
"notes": [
{
"category": "description",
"text": "A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Satellite 6 does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability. \n* Red Hat OpenStack\u0027s OpenDaylight does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12814"
},
{
"category": "external",
"summary": "RHBZ#1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
}
],
"release_date": "2019-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "This vulnerability relies on jdom (org.jdom) or jdom2 (org.jdom2) being present in the application\u0027s ClassPath. Applications using jackson-databind that do not also use jdom or jdom2 are not impacted by this vulnerability.",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message."
},
{
"cve": "CVE-2019-14379",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-07-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1737517"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: default typing mishandling leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nSimilarly, Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "RHBZ#1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379"
}
],
"release_date": "2019-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: default typing mishandling leading to remote code execution"
},
{
"cve": "CVE-2019-14439",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Polymorphic typing issue related to logback/JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight provided as part of Red Hat OpenStack does not utilize logback when used in a supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "RHBZ#1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Polymorphic typing issue related to logback/JNDI"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
}
]
}
RHSA-2019_3200
Vulnerability from csaf_redhat - Published: 2019-10-24 09:18 - Updated: 2024-11-15 04:11Summary
Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Update 2019-10-31]
Additional jackson-databind affecting flaws were included with this release but not noted in the original publication of this advisory. Some of those flaws do not have CVE IDs assigned; the advisory has been updated to include these.
Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)
* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (no CVE assigned)
* jackson-databind: Serialization gadgets in classes of the xalan package (no CVE assigned)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Streams 1
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_streams:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
47 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Streams 1.3.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Update 2019-10-31]\nAdditional jackson-databind affecting flaws were included with this release but not noted in the original publication of this advisory. Some of those flaws do not have CVE IDs assigned; the advisory has been updated to include these.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (no CVE assigned) \n\n* jackson-databind: Serialization gadgets in classes of the xalan package (no CVE assigned) \n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3200",
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/red-hat-amq#streams",
"url": "https://access.redhat.com/products/red-hat-amq#streams"
},
{
"category": "external",
"summary": "1713468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713468"
},
{
"category": "external",
"summary": "1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3200.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.3.0 release and security update",
"tracking": {
"current_release_date": "2024-11-15T04:11:25+00:00",
"generator": {
"date": "2024-11-15T04:11:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:3200",
"initial_release_date": "2019-10-24T09:18:10+00:00",
"revision_history": [
{
"date": "2019-10-24T09:18:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-10-31T16:35:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:11:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Streams 1",
"product": {
"name": "Red Hat AMQ Streams 1",
"product_id": "Red Hat AMQ Streams 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12086",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713468"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12086"
},
{
"category": "external",
"summary": "RHBZ#1713468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server."
},
{
"cve": "CVE-2019-12384",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725807"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack\u0027s OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application\u0027s ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12384"
},
{
"category": "external",
"summary": "RHBZ#1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution"
},
{
"cve": "CVE-2019-12814",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725795"
}
],
"notes": [
{
"category": "description",
"text": "A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Satellite 6 does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability. \n* Red Hat OpenStack\u0027s OpenDaylight does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12814"
},
{
"category": "external",
"summary": "RHBZ#1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
}
],
"release_date": "2019-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "This vulnerability relies on jdom (org.jdom) or jdom2 (org.jdom2) being present in the application\u0027s ClassPath. Applications using jackson-databind that do not also use jdom or jdom2 are not impacted by this vulnerability.",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message."
},
{
"cve": "CVE-2019-14379",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-07-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1737517"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: default typing mishandling leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nSimilarly, Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "RHBZ#1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379"
}
],
"release_date": "2019-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: default typing mishandling leading to remote code execution"
},
{
"cve": "CVE-2019-14439",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752962"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Polymorphic typing issue related to logback/JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight provided as part of Red Hat OpenStack does not utilize logback when used in a supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "RHBZ#1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Polymorphic typing issue related to logback/JNDI"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Streams 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-24T09:18:10+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Streams 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat AMQ Streams 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat AMQ Streams 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
}
]
}
RHSA-2020:0159
Vulnerability from csaf_redhat - Published: 2020-01-21 02:57 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
* jboss-cli: JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (CVE-2019-14885)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)
* jackson-databind: polymorphic typing issue when enabling default typing for an externally exposed JSON endpoint and having apache-log4j-extra in the classpath leads to code execution (CVE-2019-17531)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.5 (Medium)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
5.4 (Medium)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Samsung R&D Institute Poland
Dominik Mizyn
Verizon Media
Henning Baldersheim
Håvard Pettersen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)\n\n* jboss-cli: JBoss EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)\n\n* jackson-databind: polymorphic typing issue when enabling default typing for an externally exposed JSON endpoint and having apache-log4j-extra in the classpath leads to code execution (CVE-2019-17531)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0159",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "JBEAP-17491",
"url": "https://issues.redhat.com/browse/JBEAP-17491"
},
{
"category": "external",
"summary": "JBEAP-17541",
"url": "https://issues.redhat.com/browse/JBEAP-17541"
},
{
"category": "external",
"summary": "JBEAP-17651",
"url": "https://issues.redhat.com/browse/JBEAP-17651"
},
{
"category": "external",
"summary": "JBEAP-17652",
"url": "https://issues.redhat.com/browse/JBEAP-17652"
},
{
"category": "external",
"summary": "JBEAP-17666",
"url": "https://issues.redhat.com/browse/JBEAP-17666"
},
{
"category": "external",
"summary": "JBEAP-17773",
"url": "https://issues.redhat.com/browse/JBEAP-17773"
},
{
"category": "external",
"summary": "JBEAP-17779",
"url": "https://issues.redhat.com/browse/JBEAP-17779"
},
{
"category": "external",
"summary": "JBEAP-17789",
"url": "https://issues.redhat.com/browse/JBEAP-17789"
},
{
"category": "external",
"summary": "JBEAP-17805",
"url": "https://issues.redhat.com/browse/JBEAP-17805"
},
{
"category": "external",
"summary": "JBEAP-17834",
"url": "https://issues.redhat.com/browse/JBEAP-17834"
},
{
"category": "external",
"summary": "JBEAP-17837",
"url": "https://issues.redhat.com/browse/JBEAP-17837"
},
{
"category": "external",
"summary": "JBEAP-17887",
"url": "https://issues.redhat.com/browse/JBEAP-17887"
},
{
"category": "external",
"summary": "JBEAP-17898",
"url": "https://issues.redhat.com/browse/JBEAP-17898"
},
{
"category": "external",
"summary": "JBEAP-17905",
"url": "https://issues.redhat.com/browse/JBEAP-17905"
},
{
"category": "external",
"summary": "JBEAP-17906",
"url": "https://issues.redhat.com/browse/JBEAP-17906"
},
{
"category": "external",
"summary": "JBEAP-17940",
"url": "https://issues.redhat.com/browse/JBEAP-17940"
},
{
"category": "external",
"summary": "JBEAP-17945",
"url": "https://issues.redhat.com/browse/JBEAP-17945"
},
{
"category": "external",
"summary": "JBEAP-17974",
"url": "https://issues.redhat.com/browse/JBEAP-17974"
},
{
"category": "external",
"summary": "JBEAP-17998",
"url": "https://issues.redhat.com/browse/JBEAP-17998"
},
{
"category": "external",
"summary": "JBEAP-18169",
"url": "https://issues.redhat.com/browse/JBEAP-18169"
},
{
"category": "external",
"summary": "JBEAP-18170",
"url": "https://issues.redhat.com/browse/JBEAP-18170"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0159.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:53+00:00",
"generator": {
"date": "2026-05-14T22:24:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0159",
"initial_release_date": "2020-01-21T02:57:45+00:00",
"revision_history": [
{
"date": "2020-01-21T02:57:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-21T02:57:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-21.SP12_redhat_00010.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.42-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.5-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.9.10-2.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.6-5.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.6-5.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el6eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Dominik Mizyn"
],
"organization": "Samsung R\u0026D Institute Poland"
}
],
"cve": "CVE-2019-10219",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1738673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: safeHTML validator allows XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10219"
},
{
"category": "external",
"summary": "RHBZ#1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
}
],
"release_date": "2019-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: safeHTML validator allows XSS"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-14885",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14885"
},
{
"category": "external",
"summary": "RHBZ#1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
}
]
}
RHSA-2020:0160
Vulnerability from csaf_redhat - Published: 2020-01-21 03:47 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 7 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening
on HTTPS (CVE-2019-14888)
* jboss-cli: JBoss EAP: Vault system property security attribute value is
revealed on CLI 'reload' command (CVE-2019-14885)
* netty: HTTP request smuggling by mishandled whitespace before the colon in
HTTP headers (CVE-2019-16869)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package
(CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the
commons-configuration package (CVE-2019-14892)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the p6spy package
(CVE-2019-16943)
* jackson-databind: polymorphic typing issue when enabling default typing for an
externally exposed JSON endpoint and having apache-log4j-extra in the classpath
leads to code execution (CVE-2019-17531)
* jackson-databind: Serialization gadgets in classes of the xalan package
(CVE-2019-14893)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* jackson-databind: Serialization gadgets in classes of the ehcache package
(CVE-2019-17267)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
5.4 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Samsung R&D Institute Poland
Dominik Mizyn
Verizon Media
Henning Baldersheim
Håvard Pettersen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening\non HTTPS (CVE-2019-14888)\n\n* jboss-cli: JBoss EAP: Vault system property security attribute value is\nrevealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in\nHTTP headers (CVE-2019-16869)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package\n(CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in classes of the\ncommons-configuration package (CVE-2019-14892)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the p6spy package\n(CVE-2019-16943)\n\n* jackson-databind: polymorphic typing issue when enabling default typing for an\nexternally exposed JSON endpoint and having apache-log4j-extra in the classpath\nleads to code execution (CVE-2019-17531)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package\n(CVE-2019-14893)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package\n(CVE-2019-17267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0160",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "JBEAP-17491",
"url": "https://issues.redhat.com/browse/JBEAP-17491"
},
{
"category": "external",
"summary": "JBEAP-17541",
"url": "https://issues.redhat.com/browse/JBEAP-17541"
},
{
"category": "external",
"summary": "JBEAP-17651",
"url": "https://issues.redhat.com/browse/JBEAP-17651"
},
{
"category": "external",
"summary": "JBEAP-17652",
"url": "https://issues.redhat.com/browse/JBEAP-17652"
},
{
"category": "external",
"summary": "JBEAP-17666",
"url": "https://issues.redhat.com/browse/JBEAP-17666"
},
{
"category": "external",
"summary": "JBEAP-17773",
"url": "https://issues.redhat.com/browse/JBEAP-17773"
},
{
"category": "external",
"summary": "JBEAP-17779",
"url": "https://issues.redhat.com/browse/JBEAP-17779"
},
{
"category": "external",
"summary": "JBEAP-17789",
"url": "https://issues.redhat.com/browse/JBEAP-17789"
},
{
"category": "external",
"summary": "JBEAP-17805",
"url": "https://issues.redhat.com/browse/JBEAP-17805"
},
{
"category": "external",
"summary": "JBEAP-17835",
"url": "https://issues.redhat.com/browse/JBEAP-17835"
},
{
"category": "external",
"summary": "JBEAP-17837",
"url": "https://issues.redhat.com/browse/JBEAP-17837"
},
{
"category": "external",
"summary": "JBEAP-17887",
"url": "https://issues.redhat.com/browse/JBEAP-17887"
},
{
"category": "external",
"summary": "JBEAP-17898",
"url": "https://issues.redhat.com/browse/JBEAP-17898"
},
{
"category": "external",
"summary": "JBEAP-17905",
"url": "https://issues.redhat.com/browse/JBEAP-17905"
},
{
"category": "external",
"summary": "JBEAP-17906",
"url": "https://issues.redhat.com/browse/JBEAP-17906"
},
{
"category": "external",
"summary": "JBEAP-17940",
"url": "https://issues.redhat.com/browse/JBEAP-17940"
},
{
"category": "external",
"summary": "JBEAP-17945",
"url": "https://issues.redhat.com/browse/JBEAP-17945"
},
{
"category": "external",
"summary": "JBEAP-17974",
"url": "https://issues.redhat.com/browse/JBEAP-17974"
},
{
"category": "external",
"summary": "JBEAP-17998",
"url": "https://issues.redhat.com/browse/JBEAP-17998"
},
{
"category": "external",
"summary": "JBEAP-18169",
"url": "https://issues.redhat.com/browse/JBEAP-18169"
},
{
"category": "external",
"summary": "JBEAP-18170",
"url": "https://issues.redhat.com/browse/JBEAP-18170"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0160.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:53+00:00",
"generator": {
"date": "2026-05-14T22:24:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0160",
"initial_release_date": "2020-01-21T03:47:51+00:00",
"revision_history": [
{
"date": "2020-01-21T03:47:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-21T03:47:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-21.SP12_redhat_00010.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.42-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.9.10-2.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Dominik Mizyn"
],
"organization": "Samsung R\u0026D Institute Poland"
}
],
"cve": "CVE-2019-10219",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1738673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: safeHTML validator allows XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10219"
},
{
"category": "external",
"summary": "RHBZ#1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
}
],
"release_date": "2019-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: safeHTML validator allows XSS"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-14885",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14885"
},
{
"category": "external",
"summary": "RHBZ#1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
}
]
}
RHSA-2020:0161
Vulnerability from csaf_redhat - Published: 2020-01-21 03:22 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 8 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening
on HTTPS (CVE-2019-14888)
* jboss-cli: JBoss EAP: Vault system property security attribute value is
revealed on CLI 'reload' command (CVE-2019-14885)
* netty: HTTP request smuggling by mishandled whitespace before the colon in
HTTP headers (CVE-2019-16869)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package
(CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the
commons-configuration package (CVE-2019-14892)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the p6spy package
(CVE-2019-16943)
* jackson-databind: polymorphic typing issue when enabling default typing for an
externally exposed JSON endpoint and having apache-log4j-extra in the classpath
leads to code execution (CVE-2019-17531)
* jackson-databind: Serialization gadgets in classes of the xalan package
(CVE-2019-14893)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* jackson-databind: Serialization gadgets in classes of the ehcache package
(CVE-2019-17267)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.5 (Medium)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
5.4 (Medium)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
86 references
Acknowledgments
Samsung R&D Institute Poland
Dominik Mizyn
Verizon Media
Henning Baldersheim
Håvard Pettersen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening\non HTTPS (CVE-2019-14888)\n\n* jboss-cli: JBoss EAP: Vault system property security attribute value is\nrevealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in\nHTTP headers (CVE-2019-16869)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package\n(CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in classes of the\ncommons-configuration package (CVE-2019-14892)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the p6spy package\n(CVE-2019-16943)\n\n* jackson-databind: polymorphic typing issue when enabling default typing for an\nexternally exposed JSON endpoint and having apache-log4j-extra in the classpath\nleads to code execution (CVE-2019-17531)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package\n(CVE-2019-14893)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package\n(CVE-2019-17267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0161",
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "JBEAP-17491",
"url": "https://issues.redhat.com/browse/JBEAP-17491"
},
{
"category": "external",
"summary": "JBEAP-17541",
"url": "https://issues.redhat.com/browse/JBEAP-17541"
},
{
"category": "external",
"summary": "JBEAP-17651",
"url": "https://issues.redhat.com/browse/JBEAP-17651"
},
{
"category": "external",
"summary": "JBEAP-17652",
"url": "https://issues.redhat.com/browse/JBEAP-17652"
},
{
"category": "external",
"summary": "JBEAP-17666",
"url": "https://issues.redhat.com/browse/JBEAP-17666"
},
{
"category": "external",
"summary": "JBEAP-17773",
"url": "https://issues.redhat.com/browse/JBEAP-17773"
},
{
"category": "external",
"summary": "JBEAP-17779",
"url": "https://issues.redhat.com/browse/JBEAP-17779"
},
{
"category": "external",
"summary": "JBEAP-17789",
"url": "https://issues.redhat.com/browse/JBEAP-17789"
},
{
"category": "external",
"summary": "JBEAP-17805",
"url": "https://issues.redhat.com/browse/JBEAP-17805"
},
{
"category": "external",
"summary": "JBEAP-17836",
"url": "https://issues.redhat.com/browse/JBEAP-17836"
},
{
"category": "external",
"summary": "JBEAP-17837",
"url": "https://issues.redhat.com/browse/JBEAP-17837"
},
{
"category": "external",
"summary": "JBEAP-17887",
"url": "https://issues.redhat.com/browse/JBEAP-17887"
},
{
"category": "external",
"summary": "JBEAP-17898",
"url": "https://issues.redhat.com/browse/JBEAP-17898"
},
{
"category": "external",
"summary": "JBEAP-17905",
"url": "https://issues.redhat.com/browse/JBEAP-17905"
},
{
"category": "external",
"summary": "JBEAP-17906",
"url": "https://issues.redhat.com/browse/JBEAP-17906"
},
{
"category": "external",
"summary": "JBEAP-17940",
"url": "https://issues.redhat.com/browse/JBEAP-17940"
},
{
"category": "external",
"summary": "JBEAP-17945",
"url": "https://issues.redhat.com/browse/JBEAP-17945"
},
{
"category": "external",
"summary": "JBEAP-17974",
"url": "https://issues.redhat.com/browse/JBEAP-17974"
},
{
"category": "external",
"summary": "JBEAP-17998",
"url": "https://issues.redhat.com/browse/JBEAP-17998"
},
{
"category": "external",
"summary": "JBEAP-18169",
"url": "https://issues.redhat.com/browse/JBEAP-18169"
},
{
"category": "external",
"summary": "JBEAP-18170",
"url": "https://issues.redhat.com/browse/JBEAP-18170"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0161.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 8 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:54+00:00",
"generator": {
"date": "2026-05-14T22:24:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0161",
"initial_release_date": "2020-01-21T03:22:56+00:00",
"revision_history": [
{
"date": "2020-01-21T03:22:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-21T03:22:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-21.SP12_redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.14-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.14-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.14-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.14-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.42-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.5-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-3.Final_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-3.Final_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-3.Final_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-3.Final_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-3.Final_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-3.Final_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.2.11-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.2.11-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.2.11-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.9.10-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.6-5.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.6-5.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.9.10-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.18-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Dominik Mizyn"
],
"organization": "Samsung R\u0026D Institute Poland"
}
],
"cve": "CVE-2019-10219",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1738673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: safeHTML validator allows XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10219"
},
{
"category": "external",
"summary": "RHBZ#1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
}
],
"release_date": "2019-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: safeHTML validator allows XSS"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-14885",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14885"
},
{
"category": "external",
"summary": "RHBZ#1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:22:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
}
]
}
RHSA-2020:0164
Vulnerability from csaf_redhat - Published: 2020-01-21 02:23 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening
on HTTPS (CVE-2019-14888)
* jboss-cli: JBoss EAP: Vault system property security attribute value is
revealed on CLI 'reload' command (CVE-2019-14885)
* netty: HTTP request smuggling by mishandled whitespace before the colon in
HTTP headers (CVE-2019-16869)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package
(CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the
commons-configuration package (CVE-2019-14892)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the p6spy package
(CVE-2019-16943)
* jackson-databind: polymorphic typing issue when enabling default typing for an
externally exposed JSON endpoint and having apache-log4j-extra in the classpath
leads to code execution (CVE-2019-17531)
* jackson-databind: Serialization gadgets in classes of the xalan package
(CVE-2019-14893)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* jackson-databind: Serialization gadgets in classes of the ehcache package
(CVE-2019-17267)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss EAP 7.2
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Samsung R&D Institute Poland
Dominik Mizyn
Verizon Media
Henning Baldersheim
Håvard Pettersen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening\non HTTPS (CVE-2019-14888)\n\n* jboss-cli: JBoss EAP: Vault system property security attribute value is\nrevealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in\nHTTP headers (CVE-2019-16869)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package\n(CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in classes of the\ncommons-configuration package (CVE-2019-14892)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the p6spy package\n(CVE-2019-16943)\n\n* jackson-databind: polymorphic typing issue when enabling default typing for an\nexternally exposed JSON endpoint and having apache-log4j-extra in the classpath\nleads to code execution (CVE-2019-17531)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package\n(CVE-2019-14893)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package\n(CVE-2019-17267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0164",
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "JBEAP-17491",
"url": "https://issues.redhat.com/browse/JBEAP-17491"
},
{
"category": "external",
"summary": "JBEAP-17541",
"url": "https://issues.redhat.com/browse/JBEAP-17541"
},
{
"category": "external",
"summary": "JBEAP-17651",
"url": "https://issues.redhat.com/browse/JBEAP-17651"
},
{
"category": "external",
"summary": "JBEAP-17652",
"url": "https://issues.redhat.com/browse/JBEAP-17652"
},
{
"category": "external",
"summary": "JBEAP-17666",
"url": "https://issues.redhat.com/browse/JBEAP-17666"
},
{
"category": "external",
"summary": "JBEAP-17773",
"url": "https://issues.redhat.com/browse/JBEAP-17773"
},
{
"category": "external",
"summary": "JBEAP-17779",
"url": "https://issues.redhat.com/browse/JBEAP-17779"
},
{
"category": "external",
"summary": "JBEAP-17789",
"url": "https://issues.redhat.com/browse/JBEAP-17789"
},
{
"category": "external",
"summary": "JBEAP-17805",
"url": "https://issues.redhat.com/browse/JBEAP-17805"
},
{
"category": "external",
"summary": "JBEAP-17837",
"url": "https://issues.redhat.com/browse/JBEAP-17837"
},
{
"category": "external",
"summary": "JBEAP-17887",
"url": "https://issues.redhat.com/browse/JBEAP-17887"
},
{
"category": "external",
"summary": "JBEAP-17898",
"url": "https://issues.redhat.com/browse/JBEAP-17898"
},
{
"category": "external",
"summary": "JBEAP-17905",
"url": "https://issues.redhat.com/browse/JBEAP-17905"
},
{
"category": "external",
"summary": "JBEAP-17906",
"url": "https://issues.redhat.com/browse/JBEAP-17906"
},
{
"category": "external",
"summary": "JBEAP-17940",
"url": "https://issues.redhat.com/browse/JBEAP-17940"
},
{
"category": "external",
"summary": "JBEAP-17945",
"url": "https://issues.redhat.com/browse/JBEAP-17945"
},
{
"category": "external",
"summary": "JBEAP-17974",
"url": "https://issues.redhat.com/browse/JBEAP-17974"
},
{
"category": "external",
"summary": "JBEAP-17998",
"url": "https://issues.redhat.com/browse/JBEAP-17998"
},
{
"category": "external",
"summary": "JBEAP-18169",
"url": "https://issues.redhat.com/browse/JBEAP-18169"
},
{
"category": "external",
"summary": "JBEAP-18170",
"url": "https://issues.redhat.com/browse/JBEAP-18170"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0164.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:53+00:00",
"generator": {
"date": "2026-05-14T22:24:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0164",
"initial_release_date": "2020-01-21T02:23:36+00:00",
"revision_history": [
{
"date": "2020-01-21T02:23:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-21T02:23:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2",
"product": {
"name": "Red Hat JBoss EAP 7.2",
"product_id": "Red Hat JBoss EAP 7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Dominik Mizyn"
],
"organization": "Samsung R\u0026D Institute Poland"
}
],
"cve": "CVE-2019-10219",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1738673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: safeHTML validator allows XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10219"
},
{
"category": "external",
"summary": "RHBZ#1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
}
],
"release_date": "2019-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: safeHTML validator allows XSS"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-14885",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14885"
},
{
"category": "external",
"summary": "RHBZ#1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss EAP 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:23:36+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss EAP 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat JBoss EAP 7.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss EAP 7.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
}
]
}
RHSA-2020:0445
Vulnerability from csaf_redhat - Published: 2020-02-06 08:34 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.3.6 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.3.6 serves as a replacement for Red Hat Single Sign-On 7.3.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: enabling default typing leads to code execution (CVE-2019-17531)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* xstream: remote code execution due to insecure XML deserialization regression (CVE-2019-10173)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found during the assessment of the Admin Console application for Keycloak, where it was found that Application Links to external applications are not validated properly. An attacker could use this flaw to cause Stored XSS attacks.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.3
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
69 references
Acknowledgments
Samsung R&D Institute Poland
Dominik Mizyn
Verizon Media
Henning Baldersheim
Håvard Pettersen
Cure53 Berlin
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.3.6 serves as a replacement for Red Hat Single Sign-On 7.3.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: enabling default typing leads to code execution (CVE-2019-17531)\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)\n* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)\n* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n* xstream: remote code execution due to insecure XML deserialization regression (CVE-2019-10173)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0445",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1722971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1722971"
},
{
"category": "external",
"summary": "1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0445.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.3.6 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:58+00:00",
"generator": {
"date": "2026-05-14T22:24:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0445",
"initial_release_date": "2020-02-06T08:34:54+00:00",
"revision_history": [
{
"date": "2020-02-06T08:34:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-11T12:30:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.3",
"product": {
"name": "Red Hat Single Sign-On 7.3",
"product_id": "Red Hat Single Sign-On 7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_single_sign_on:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10173",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2019-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1722971"
}
],
"notes": [
{
"category": "description",
"text": "It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10173"
},
{
"category": "external",
"summary": "RHBZ#1722971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1722971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10173",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10173"
},
{
"category": "external",
"summary": "http://x-stream.github.io/changes.html#1.4.11",
"url": "http://x-stream.github.io/changes.html#1.4.11"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)"
},
{
"acknowledgments": [
{
"names": [
"Dominik Mizyn"
],
"organization": "Samsung R\u0026D Institute Poland"
}
],
"cve": "CVE-2019-10219",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1738673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: safeHTML validator allows XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10219"
},
{
"category": "external",
"summary": "RHBZ#1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
}
],
"release_date": "2019-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: safeHTML validator allows XSS"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Single Sign-On 7.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
},
{
"acknowledgments": [
{
"names": [
"Cure53 Berlin"
]
}
],
"cve": "CVE-2020-1697",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1791538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found during the assessment of the Admin Console application for Keycloak, where it was found that Application Links to external applications are not validated properly. An attacker could use this flaw to cause Stored XSS attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: stored XSS in client settings via application links",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1697"
},
{
"category": "external",
"summary": "RHBZ#1791538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1697",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697"
}
],
"release_date": "2020-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-06T08:34:54+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: stored XSS in client settings via application links"
}
]
}
RHSA-2020:0895
Vulnerability from csaf_redhat - Published: 2020-03-18 14:51 - Updated: 2026-05-14 22:25Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.7.0 Security Update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This release of Red Hat Process Automation Manager 7.7.0 serves as an update to Red Hat Process Automation Manager 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* elasticsearch: Improper permission issue when attaching a new name to an index (CVE-2019-7611)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: polymorphic typing issue when enabling default typing for an externally exposed JSON endpoint and having apache-log4j-extra in the classpath leads to code execution (CVE-2019-17531)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)
* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure (CVE-2019-0231)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A cryptographic protocol integrity flaw was discovered in Apache Mina. The closure of a TLS session would not always result in closure of the socket, allowing the conversation to continue in clear text. This could undermine the confidentiality of a connection and potentially disclose sensitive information to third-party attackers.
6.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
6.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Process Automation 7
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
56 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.7.0 serves as an update to Red Hat Process Automation Manager 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* elasticsearch: Improper permission issue when attaching a new name to an index (CVE-2019-7611)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: polymorphic typing issue when enabling default typing for an externally exposed JSON endpoint and having apache-log4j-extra in the classpath leads to code execution (CVE-2019-17531)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)\n\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)\n\n* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)\n\n* mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure (CVE-2019-0231)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0895",
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.7.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.7.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.7/html/release_notes_for_red_hat_process_automation_manager_7.7/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.7/html/release_notes_for_red_hat_process_automation_manager_7.7/index"
},
{
"category": "external",
"summary": "1696034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696034"
},
{
"category": "external",
"summary": "1700016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700016"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0895.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.7.0 Security Update",
"tracking": {
"current_release_date": "2026-05-14T22:25:09+00:00",
"generator": {
"date": "2026-05-14T22:25:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0895",
"initial_release_date": "2020-03-18T14:51:44+00:00",
"revision_history": [
{
"date": "2020-03-18T14:51:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-18T14:51:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Process Automation 7",
"product": {
"name": "Red Hat Process Automation 7",
"product_id": "Red Hat Process Automation 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0231",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2019-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1700016"
}
],
"notes": [
{
"category": "description",
"text": "A cryptographic protocol integrity flaw was discovered in Apache Mina. The closure of a TLS session would not always result in closure of the socket, allowing the conversation to continue in clear text. This could undermine the confidentiality of a connection and potentially disclose sensitive information to third-party attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat OpenStack Platform\u0027s OpenDaylight versions 8-10 contain the vulnerable code. However, these OpenDaylight versions were released as technical preview with limited support and will therefore not be updated. Other OpenDaylight versions do not contain the vulnerable library.\n\n* This issue affects the version of apache-mina shipped with Red Hat Gluster Storage 3, as it contains the vulnerable functionality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0231"
},
{
"category": "external",
"summary": "RHBZ#1700016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0231"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2019/04/14/1",
"url": "https://www.openwall.com/lists/oss-security/2019/04/14/1"
}
],
"release_date": "2019-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure."
},
{
"cve": "CVE-2019-7611",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2019-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1696034"
}
],
"notes": [
{
"category": "description",
"text": "A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elasticsearch: Improper permission issue when attaching a new name to an index",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform 8.0/9.0 Operational Tools Kibana/Elasticsearch versions do not include nor support X-Pack (8/9 versions must use the optional Shield, also not packaged); not affected.\n\nOpenShift Container Platform (OCP) does not include X-Pack with Elasticsearch, which prevents this vulnerability from being exploited. However, versions of Elasticsearch shipped in OCP do contain the vulnerable code which could allow this vulnerability to be exploited if X-Pack was installed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-7611"
},
{
"category": "external",
"summary": "RHBZ#1696034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696034"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-7611",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7611"
}
],
"release_date": "2019-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elasticsearch: Improper permission issue when attaching a new name to an index"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Process Automation 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-18T14:51:44+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Process Automation 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0895"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Process Automation 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Process Automation 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…