Action not permitted
Modal body text goes here.
CVE-2020-25649
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | jackson-databind |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:40:36.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FasterXML/jackson-databind/issues/2589" }, { "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E" }, { "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E" }, { "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E" }, { "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E" }, { "name": "FEDORA-2021-1d8254899c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E" }, { "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E" }, { "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0007/" }, { "name": "[spark-user] 20210621 Re: CVEs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "jackson-databind", "vendor": "n/a", "versions": [ { "status": "affected", "version": "jackson-databind-2.11.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:15:31", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FasterXML/jackson-databind/issues/2589" }, { "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E" }, { "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E" }, { "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E" }, { "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E" }, { "name": "FEDORA-2021-1d8254899c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E" }, { "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E" }, { "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0007/" }, { "name": "[spark-user] 20210621 Re: CVEs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25649", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "jackson-databind", "version": { "version_data": [ { "version_value": "jackson-databind-2.11.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-611" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "name": "https://github.com/FasterXML/jackson-databind/issues/2589", "refsource": "MISC", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" }, { "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E" }, { "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E" }, { "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E" }, { "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E" }, { "name": "FEDORA-2021-1d8254899c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E" }, { "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E" }, { "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E" }, { "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20210108-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210108-0007/" }, { "name": "[spark-user] 20210621 Re: CVEs", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25649", "datePublished": "2020-12-03T16:16:50", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-04T15:40:36.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-25649\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-12-03T17:15:12.503\",\"lastModified\":\"2023-11-07T03:20:18.977\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en FasterXML Jackson Databind, donde no ten\u00eda la expansi\u00f3n de entidad asegurada apropiadamente. Este fallo permite una vulnerabilidad a ataques de tipo XML external entity (XXE). La mayor amenaza de esta vulnerabilidad es la integridad de los datos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.7.4\",\"matchCriteriaId\":\"2C23395F-4438-4B80-9DA6-87E760F7459A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.10.7\",\"matchCriteriaId\":\"7703D07D-5784-47D1-9391-D376A24D7C5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.10.0\",\"versionEndExcluding\":\"2.10.5.1\",\"matchCriteriaId\":\"28C07803-813B-4AAC-9C08-9EB83756F16B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7081652A-D28B-494E-94EF-CA88117F23EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.1\",\"matchCriteriaId\":\"ADFFB9C4-DE43-4ADC-B1C7-6F034741D9C3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.12.0\",\"matchCriteriaId\":\"8C798AD5-AAF5-4044-B348-336F4CFA86CF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*\",\"matchCriteriaId\":\"5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.1\",\"versionEndIncluding\":\"18.3\",\"matchCriteriaId\":\"6DF2D056-3118-4C31-BEDD-69F016898CBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86F03B63-F922-45CD-A7D1-326DB0042875\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CBFC93F-8B39-45A2-981C-59B187169BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0843465C-F940-4FFC-998D-9A2668B75EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282150FF-C945-4A3E-8A80-E8757A8907EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBCE22C0-4253-40A5-89AE-499A3BC9EFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9FC9AB-1070-420F-870E-A5EC43A924A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5C28ED-C5AA-40B9-9B26-6A91D20B3E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180F3D2A-7E7A-4DE9-9792-942CB3D6B51E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.2\",\"matchCriteriaId\":\"D0DBC938-A782-433F-8BF1-CA250C332AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA64A1D-34F9-4441-857A-25C165E6DBB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.3.2\",\"matchCriteriaId\":\"F012E976-E219-46C2-8177-60ED859594BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BEF2FC-89B8-4D97-BB3A-C1ECA19D03B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A89FD-6B86-49AE-9B4F-AE7262915E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB1BC31C-6016-42A8-9517-2FBBC92620CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4012B512-DB7D-476A-93A6-51054DD6E3D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987811D5-DA5E-493D-8709-F9231A84E5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A94B36-479F-48F2-9B9E-ACEA2589EF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E23F2E-6733-45AF-9BD9-1A600BD278C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28AD22B9-A037-419C-8D72-8B062E6882FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A23B00C1-878A-4B55-B87B-EFFFA6A5E622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A28F42F0-FBDA-4574-AD30-7A04F27FEA3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BE0590-31BD-4FCD-B50E-A5F86196F99E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2051BA9E-E635-47D5-B942-8AC26E9487CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EA81FC1-63E1-479F-941C-930351E43010\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"1DDB3D8B-1D04-4345-BB27-723186719CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F89EC4B-6D34-40F0-B7C6-C03D03F81C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"5DEAB5CD-4223-4A43-AB9E-486113827A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E25293-CB03-44CE-A8ED-04B3A0487A6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"A0A366B8-1B5C-4C9E-A761-1AB1547D7404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"4BCA7DD9-8599-4E43-9D82-999BE15483B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"6951D244-845C-4BF2-AC75-F226B0C39C77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.11\",\"matchCriteriaId\":\"53E2276C-9515-46F6-A621-213A3047B9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.10\",\"matchCriteriaId\":\"3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A932C79-8646-4023-9C12-9C7A2A6840EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E702EBED-DB39-4084-84B1-258BC5FE7545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7956BF-D5B6-484B-999C-36B45CD8B75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEE71EA5-B315-4F1E-BFEE-EC426B562F7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B2C44-CECD-4551-B04F-4076D0E053C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5BBA303-8D2B-48C5-B52A-4E192166699C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E819270D-AA7D-4B0E-990B-D25AB6E46FBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569C0BD-16C1-441E-BAEB-840C94BE73EF\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2589\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210108-0007/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
rhsa-2020_4312
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4312", "url": "https://access.redhat.com/errata/RHSA-2020:4312" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4312.json" } ], "title": "Red Hat Security Advisory: rh-maven35-jackson-databind security update", "tracking": { "current_release_date": "2024-11-15T07:25:44+00:00", "generator": { "date": "2024-11-15T07:25:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:4312", "initial_release_date": "2020-10-22T16:48:27+00:00", "revision_history": [ { "date": "2020-10-22T16:48:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-10-22T16:48:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:25:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "product": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "product_id": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.12.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "product": { "name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "product_id": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-jackson-databind-javadoc@2.7.6-2.12.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "product": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "product_id": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.12.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)", "product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)", "product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src" }, "product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" }, "product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-22T16:48:27+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4312" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src", "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_4402
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4402", "url": "https://access.redhat.com/errata/RHSA-2020:4402" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4402.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update", "tracking": { "current_release_date": "2024-11-15T07:25:58+00:00", "generator": { "date": "2024-11-15T07:25:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:4402", "initial_release_date": "2020-10-28T21:06:51+00:00", "revision_history": [ { "date": "2020-10-28T21:06:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-10-28T21:06:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:25:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-28T21:06:51+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nYou must restart the JBoss server process for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4402" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2021_0381
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Red Hat Virtualization Manager now requires Ansible 2.9.15. (BZ#1901946)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0381", "url": "https://access.redhat.com/errata/RHSA-2021:0381" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1627997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627997" }, { "category": "external", "summary": "1702237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702237" }, { "category": "external", "summary": "1796231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796231" }, { "category": "external", "summary": "1868114", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868114" }, { "category": "external", "summary": "1875951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875951" }, { "category": "external", "summary": "1879655", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879655" }, { "category": "external", "summary": "1880015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880015" }, { "category": "external", "summary": "1881115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881115" }, { "category": "external", "summary": "1881357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881357" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "1893035", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893035" }, { "category": "external", "summary": "1894298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894298" }, { "category": "external", "summary": "1901946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901946" }, { "category": "external", "summary": "1903385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903385" }, { "category": "external", "summary": "1903595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903595" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0381.json" } ], "title": "Red Hat Security Advisory: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]", "tracking": { "current_release_date": "2024-11-15T07:28:34+00:00", "generator": { "date": "2024-11-15T07:28:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0381", "initial_release_date": "2021-02-02T13:57:58+00:00", "revision_history": [ { "date": "2021-02-02T13:57:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-02T13:57:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:28:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product": { "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "product": { "name": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "product_id": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.6.0-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.4.2-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.4.4.2-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.4.4.2-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch", "product": { "name": "rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch", "product_id": "rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.7-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "product": { "name": "ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "product_id": "ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.6.6-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "product": { "name": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "product_id": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.6-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.4.5-0.10.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-0:4.4.4.5-0.10.el8ev.noarch", "product": { "name": "rhvm-0:4.4.4.5-0.10.el8ev.noarch", "product_id": "rhvm-0:4.4.4.5-0.10.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm@4.4.4.5-0.10.el8ev?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src", "product": { "name": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src", "product_id": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.6.0-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "product": { "name": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "product_id": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.4.2-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhvm-branding-rhv-0:4.4.7-1.el8ev.src", "product": { "name": "rhvm-branding-rhv-0:4.4.7-1.el8ev.src", "product_id": "rhvm-branding-rhv-0:4.4.7-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.7-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.6.6-1.el8ev.src", "product": { "name": "ovirt-web-ui-0:1.6.6-1.el8ev.src", "product_id": "ovirt-web-ui-0:1.6.6-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.6.6-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "product": { "name": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "product_id": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.6-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "product": { "name": "ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "product_id": "ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.5-0.10.el8ev?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.4.4.5-0.10.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.src" }, "product_reference": "ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src" }, "product_reference": "ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.6.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.noarch" }, "product_reference": "ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.6.6-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.src" }, "product_reference": "ovirt-web-ui-0:1.6.6-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-0:4.4.4.5-0.10.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.4.5-0.10.el8ev.noarch" }, "product_reference": "rhvm-0:4.4.4.5-0.10.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch" }, "product_reference": "rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-branding-rhv-0:4.4.7-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.src" }, "product_reference": "rhvm-branding-rhv-0:4.4.7-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch" }, "product_reference": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src" }, "product_reference": "vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-02T13:57:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0381" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.7-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.5-0.10.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.4.2-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.4.2-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.6-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.6-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.4.5-0.10.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.6.0-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2021_2475
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988)\n\n* xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)\n\n* xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)\n\n* xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)\n\n* xstream: ReDoS vulnerability (CVE-2021-21348)\n\n* xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)\n\n* xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)\n\n* xstream: SSRF via crafted input stream (CVE-2021-21342)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346)\n\n* xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345)\n\n* xstream: arbitrary code execution via crafted input stream (CVE-2021-21344)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2475", "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "1908832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832" }, { "category": "external", "summary": "1908837", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837" }, { "category": "external", "summary": "1933816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933816" }, { "category": "external", "summary": "1942539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539" }, { "category": "external", "summary": "1942545", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545" }, { "category": "external", "summary": "1942550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550" }, { "category": "external", "summary": "1942554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554" }, { "category": "external", "summary": "1942558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558" }, { "category": "external", "summary": "1942578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578" }, { "category": "external", "summary": "1942629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629" }, { "category": "external", "summary": "1942633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633" }, { "category": "external", "summary": "1942635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635" }, { "category": "external", "summary": "1942637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637" }, { "category": "external", "summary": "1942642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2475.json" } ], "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.11.0 security update", "tracking": { "current_release_date": "2024-11-15T07:32:57+00:00", "generator": { "date": "2024-11-15T07:32:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:2475", "initial_release_date": "2021-06-17T13:14:44+00:00", "revision_history": [ { "date": "2021-06-17T13:14:44+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-17T13:14:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:32:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHPAM 7.11.0", "product": { "name": "RHPAM 7.11.0", "product_id": "RHPAM 7.11.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.11" } } } ], "category": "product_family", "name": "Red Hat Process Automation Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-11988", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1933816" } ], "notes": [ { "category": "description", "text": "Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.", "title": "Vulnerability description" }, { "category": "summary", "text": "xmlgraphics-commons: SSRF due to improper input validation by the XMPParser", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect xmlgraphics-commons as shipped with Red Hat Enterprise Linux 8. It is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about support scope for Red Hat Enterprise Linux, please see https://access.redhat.com/support/policy/updates/errata/ .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11988" }, { "category": "external", "summary": "RHBZ#1933816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933816" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11988", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11988" }, { "category": "external", "summary": "https://xmlgraphics.apache.org/security.html", "url": "https://xmlgraphics.apache.org/security.html" } ], "release_date": "2021-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "RHPAM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xmlgraphics-commons: SSRF due to improper input validation by the XMPParser" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "RHPAM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" }, { "cve": "CVE-2020-26258", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2020-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1908832" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26258" }, { "category": "external", "summary": "RHBZ#1908832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26258", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26258" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258" } ], "release_date": "2020-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "category": "workaround", "details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);", "product_ids": [ "RHPAM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling" }, { "cve": "CVE-2020-26259", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2020-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1908837" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: arbitrary file deletion on the local host when unmarshalling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26259" }, { "category": "external", "summary": "RHBZ#1908837", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26259", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26259" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259" } ], "release_date": "2020-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "category": "workaround", "details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);", "product_ids": [ "RHPAM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: arbitrary file deletion on the local host when unmarshalling" }, { "cve": "CVE-2021-21341", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942539" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21341" }, { "category": "external", "summary": "RHBZ#1942539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21341", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21341" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream" }, { "cve": "CVE-2021-21342", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942545" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: SSRF via crafted input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21342" }, { "category": "external", "summary": "RHBZ#1942545", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21342", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21342" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: SSRF via crafted input stream" }, { "cve": "CVE-2021-21343", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942550" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: arbitrary file deletion on the local host via crafted input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21343" }, { "category": "external", "summary": "RHBZ#1942550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21343", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21343" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: arbitrary file deletion on the local host via crafted input stream" }, { "cve": "CVE-2021-21344", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942554" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21344" }, { "category": "external", "summary": "RHBZ#1942554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21344", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21344" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet" }, { "cve": "CVE-2021-21345", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942558" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21345" }, { "category": "external", "summary": "RHBZ#1942558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21345", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry" }, { "cve": "CVE-2021-21346", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942578" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21346" }, { "category": "external", "summary": "RHBZ#1942578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21346", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue" }, { "cve": "CVE-2021-21347", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942629" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21347" }, { "category": "external", "summary": "RHBZ#1942629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21347", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21347" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator" }, { "cve": "CVE-2021-21348", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942633" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: ReDoS vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21348" }, { "category": "external", "summary": "RHBZ#1942633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21348", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: ReDoS vulnerability" }, { "cve": "CVE-2021-21349", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942635" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21349" }, { "category": "external", "summary": "RHBZ#1942635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21349", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host" }, { "cve": "CVE-2021-21350", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942637" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21350" }, { "category": "external", "summary": "RHBZ#1942637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21350", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21350" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader" }, { "cve": "CVE-2021-21351", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942642" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21351" }, { "category": "external", "summary": "RHBZ#1942642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21351", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21351" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:14:44+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHPAM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2475" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream" } ] }
rhsa-2020_5410
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat Data Grid 7.3.7 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5410", "url": "https://access.redhat.com/errata/RHSA-2020:5410" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/" }, { "category": "external", "summary": "1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5410.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.8 security update", "tracking": { "current_release_date": "2024-11-15T07:26:22+00:00", "generator": { "date": "2024-11-15T07:26:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:5410", "initial_release_date": "2020-12-14T17:52:08+00:00", "revision_history": [ { "date": "2020-12-14T17:52:08+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-12-14T17:52:08+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:26:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 7.3.8", "product": { "name": "Red Hat Data Grid 7.3.8", "product_id": "Red Hat Data Grid 7.3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25644", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1885485" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25644" }, { "category": "external", "summary": "RHBZ#1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644" } ], "release_date": "2020-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-14T17:52:08+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.8 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.8 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5410" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Data Grid 7.3.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-14T17:52:08+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.8 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.8 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5410" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Red Hat Data Grid 7.3.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2021_0811
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface (CVE-2020-13946)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0811", "url": "https://access.redhat.com/errata/RHSA-2021:0811" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q1/html-single/release_notes_for_red_hat_integration_2021.q1", "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q1/html-single/release_notes_for_red_hat_integration_2021.q1" }, { "category": "external", "summary": "1875830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875830" }, { "category": "external", "summary": "1886587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0811.json" } ], "title": "Red Hat Security Advisory: Red Hat Integration Tech-Preview 3 Camel K security update", "tracking": { "current_release_date": "2024-11-15T08:42:42+00:00", "generator": { "date": "2024-11-15T08:42:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0811", "initial_release_date": "2021-03-11T17:49:45+00:00", "revision_history": [ { "date": "2021-03-11T17:49:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-11T17:49:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T08:42:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Integration - Camel K - Tech-Preview 3", "product": { "name": "Red Hat Integration - Camel K - Tech-Preview 3", "product_id": "Red Hat Integration - Camel K - Tech-Preview 3", "product_identification_helper": { "cpe": "cpe:/a:redhat:integration:1" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-13946", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-09-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1875830" } ], "notes": [ { "category": "description", "text": "A flaw was found in cassandra in versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2. A local attacker without access to the Apache Cassandra process or configuration files can manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. A JRE vulnerability (CVE-2019-2684) enables this issue to be exploited remotely. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration - Camel K - Tech-Preview 3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13946" }, { "category": "external", "summary": "RHBZ#1875830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875830" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13946", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13946" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13946", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13946" } ], "release_date": "2020-09-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-11T17:49:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration - Camel K - Tech-Preview 3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0811" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Integration - Camel K - Tech-Preview 3" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface" }, { "cve": "CVE-2020-13956", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-10-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1886587" } ], "notes": [ { "category": "description", "text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-httpclient: incorrect handling of malformed authority component in request URIs", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration - Camel K - Tech-Preview 3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13956" }, { "category": "external", "summary": "RHBZ#1886587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4", "url": "https://www.openwall.com/lists/oss-security/2020/10/08/4" } ], "release_date": "2020-10-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-11T17:49:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration - Camel K - Tech-Preview 3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0811" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Integration - Camel K - Tech-Preview 3" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "apache-httpclient: incorrect handling of malformed authority component in request URIs" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration - Camel K - Tech-Preview 3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-11T17:49:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration - Camel K - Tech-Preview 3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0811" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Red Hat Integration - Camel K - Tech-Preview 3" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Integration - Camel K - Tech-Preview 3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_5341
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5341", "url": "https://access.redhat.com/errata/RHSA-2020:5341" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "JBEAP-20029", "url": "https://issues.redhat.com/browse/JBEAP-20029" }, { "category": "external", "summary": "JBEAP-20089", "url": "https://issues.redhat.com/browse/JBEAP-20089" }, { "category": "external", "summary": "JBEAP-20119", "url": "https://issues.redhat.com/browse/JBEAP-20119" }, { "category": "external", "summary": "JBEAP-20161", "url": "https://issues.redhat.com/browse/JBEAP-20161" }, { "category": "external", "summary": "JBEAP-20222", "url": "https://issues.redhat.com/browse/JBEAP-20222" }, { "category": "external", "summary": "JBEAP-20239", "url": "https://issues.redhat.com/browse/JBEAP-20239" }, { "category": "external", "summary": "JBEAP-20246", "url": "https://issues.redhat.com/browse/JBEAP-20246" }, { "category": "external", "summary": "JBEAP-20285", "url": "https://issues.redhat.com/browse/JBEAP-20285" }, { "category": "external", "summary": "JBEAP-20300", "url": "https://issues.redhat.com/browse/JBEAP-20300" }, { "category": "external", "summary": "JBEAP-20325", "url": "https://issues.redhat.com/browse/JBEAP-20325" }, { "category": "external", "summary": "JBEAP-20364", "url": "https://issues.redhat.com/browse/JBEAP-20364" }, { "category": "external", "summary": "JBEAP-20368", "url": "https://issues.redhat.com/browse/JBEAP-20368" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5341.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "tracking": { "current_release_date": "2024-11-15T07:25:55+00:00", "generator": { "date": "2024-11-15T07:25:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:5341", "initial_release_date": "2020-12-03T19:18:18+00:00", "revision_history": [ { "date": "2020-12-03T19:18:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-12-03T19:18:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:25:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.32-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.11-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.21-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.21-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-6.redhat_00016.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.10-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.10-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-3.Final_redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-3.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-3.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "product_id": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.6.0-1.redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.4-3.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.4-3.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.4-3.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.4-3.GA_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.4-3.GA_redhat_00003.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.11-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.32-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.19-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.9-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.11-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.21-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-6.redhat_00016.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.10-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-3.Final_redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-3.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "product": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "product_id": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.6.0-1.redhat_00006.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "product_id": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.4-3.GA_redhat_00003.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src" }, "product_reference": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:18:18+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5341" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25644", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1885485" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25644" }, { "category": "external", "summary": "RHBZ#1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644" } ], "release_date": "2020-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:18:18+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5341" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:18:18+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5341" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap.src", "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_5340
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5340", "url": "https://access.redhat.com/errata/RHSA-2020:5340" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "JBEAP-20029", "url": "https://issues.redhat.com/browse/JBEAP-20029" }, { "category": "external", "summary": "JBEAP-20089", "url": "https://issues.redhat.com/browse/JBEAP-20089" }, { "category": "external", "summary": "JBEAP-20119", "url": "https://issues.redhat.com/browse/JBEAP-20119" }, { "category": "external", "summary": "JBEAP-20161", "url": "https://issues.redhat.com/browse/JBEAP-20161" }, { "category": "external", "summary": "JBEAP-20221", "url": "https://issues.redhat.com/browse/JBEAP-20221" }, { "category": "external", "summary": "JBEAP-20239", "url": "https://issues.redhat.com/browse/JBEAP-20239" }, { "category": "external", "summary": "JBEAP-20246", "url": "https://issues.redhat.com/browse/JBEAP-20246" }, { "category": "external", "summary": "JBEAP-20285", "url": "https://issues.redhat.com/browse/JBEAP-20285" }, { "category": "external", "summary": "JBEAP-20300", "url": "https://issues.redhat.com/browse/JBEAP-20300" }, { "category": "external", "summary": "JBEAP-20325", "url": "https://issues.redhat.com/browse/JBEAP-20325" }, { "category": "external", "summary": "JBEAP-20364", "url": "https://issues.redhat.com/browse/JBEAP-20364" }, { "category": "external", "summary": "JBEAP-20368", "url": "https://issues.redhat.com/browse/JBEAP-20368" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5340.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "tracking": { "current_release_date": "2024-11-15T07:25:45+00:00", "generator": { "date": "2024-11-15T07:25:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:5340", "initial_release_date": "2020-12-03T19:16:26+00:00", "revision_history": [ { "date": "2020-12-03T19:16:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-12-03T19:16:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:25:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.32-1.SP1_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.19-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.9-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.9-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.11-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.21-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.21-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-6.redhat_00016.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.10-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.10-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.12-1.Final_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-3.Final_redhat_00004.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-3.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-3.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "product": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "product_id": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.6.0-1.redhat_00006.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.4-3.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.4-3.GA_redhat_00003.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.4-3.GA_redhat_00003.1.el6eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.11-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.32-1.SP1_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.19-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.9-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.11-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.21-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "product": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "product_id": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-6.redhat_00016.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.10-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-3.Final_redhat_00004.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-3.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "product": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "product_id": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.6.0-1.redhat_00006.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "product": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "product_id": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.4-3.GA_redhat_00003.1.el6eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch" }, "product_reference": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src" }, "product_reference": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src" }, "product_reference": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:16:26+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5340" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25644", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1885485" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25644" }, { "category": "external", "summary": "RHBZ#1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644" } ], "release_date": "2020-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:16:26+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5340" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:16:26+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5340" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap.src", "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el6eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2021_2039
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes.\n\nSecurity Fix(es):\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2039", "url": "https://access.redhat.com/errata/RHSA-2021:2039" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2", "url": "https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2" }, { "category": "external", "summary": "1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2039.json" } ], "title": "Red Hat Security Advisory: Service Registry (container images) release and security update [1.1.1.GA]", "tracking": { "current_release_date": "2024-11-15T07:32:06+00:00", "generator": { "date": "2024-11-15T07:32:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:2039", "initial_release_date": "2021-05-19T08:01:05+00:00", "revision_history": [ { "date": "2021-05-19T08:01:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-19T08:01:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:32:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Integration", "product": { "name": "Red Hat Integration", "product_id": "Red Hat Integration", "product_identification_helper": { "cpe": "cpe:/a:redhat:integration:1" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-14040", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-06-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853652" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14040" }, { "category": "external", "summary": "RHBZ#1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040" }, { "category": "external", "summary": "https://github.com/golang/go/issues/39491", "url": "https://github.com/golang/go/issues/39491" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0", "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0" } ], "release_date": "2020-06-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-19T08:01:05+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2039" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Integration" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash" }, { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-19T08:01:05+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2039" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "Red Hat Integration" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Integration" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Integration" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-19T08:01:05+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Integration" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2039" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Red Hat Integration" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Integration" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2021_1429
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.6.27 is now available with\nupdates to packages and images that fix several bugs.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.27. See the following advisory for the container images for\nthis release:\n \nhttps://access.redhat.com/errata/RHBA-2021:1427\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\n\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1429", "url": "https://access.redhat.com/errata/RHSA-2021:1429" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "1941768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941768" }, { "category": "external", "summary": "1954163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954163" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1429.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.27 security and extras update", "tracking": { "current_release_date": "2024-11-15T07:31:15+00:00", "generator": { "date": "2024-11-15T07:31:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:1429", "initial_release_date": "2021-05-05T08:06:22+00:00", "revision_history": [ { "date": "2021-05-05T08:06:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-05T08:06:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:31:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x", "product": { "name": "openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x", "product_id": "openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x", "product": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x", "product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x", "product": { "name": "openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x", "product_id": "openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x", "product": { "name": "openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x", "product_id": "openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x", "product": { "name": "openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x", "product_id": "openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x", "product_identification_helper": { "purl": "pkg:oci/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/driver-toolkit-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x", "product": { "name": "openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x", "product_id": "openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202104231510.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x", "product": { "name": "openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x", "product_id": "openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x", "product": { "name": "openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x", "product_id": "openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x", "product": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x", "product_id": "openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-static-provisioner\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x", "product": { "name": "openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x", "product_id": "openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "product": { "name": "openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "product_id": "openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x", "product": { "name": "openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x", "product_id": "openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-eventrouter\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x", "product": { "name": "openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x", "product_id": "openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x", "product": { "name": "openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x", "product_id": "openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202104231510.p0" } } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x", "product": { "name": "openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x", "product_id": "openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x", "product": { "name": "openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x", "product_id": "openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.6.0-202104222125.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x", "product": { "name": "openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x", "product_id": "openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x", "product": { "name": "openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x", "product_id": "openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x", "product": { "name": "openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x", "product_id": "openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x", "product": { "name": "openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x", "product_id": "openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x", "product_id": "openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.6.0-202104271335.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x", "product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x", "product": { "name": "openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x", "product_id": "openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x", "product": { "name": "openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x", "product_id": "openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x", "product": { "name": "openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x", "product_id": "openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-leader-elector-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x", "product": { "name": "openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x", "product_id": "openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x", "product": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x", "product_id": "openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-metering-helm-container-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x", "product": { "name": "openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x", "product_id": "openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x", "product": { "name": "openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x", "product_id": "openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x", "product": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x", "product_id": "openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x", "product": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x", "product_id": "openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x", "product": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x", "product_id": "openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-operator-must-gather\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x", "product_id": "openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x", "product": { "name": "openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x", "product_id": "openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.6.0-202104221811.p0" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64", "product": { "name": "openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64", "product_id": "openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64", "product": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64", "product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64", "product": { "name": "openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64", "product_id": "openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64", "product": { "name": "openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64", "product_id": "openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64", "product": { "name": "openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64", "product_id": "openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64", "product_identification_helper": { "purl": "pkg:oci/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/driver-toolkit-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64", "product": { "name": "openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64", "product_id": "openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202104231510.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64", "product": { "name": "openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64", "product_id": "openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ghostunnel\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64", "product": { "name": "openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64", "product_id": "openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hadoop\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64", "product": { "name": "openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64", "product_id": "openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hive\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64", "product": { "name": "openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64", "product_id": "openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64", "product": { "name": "openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64", "product_id": "openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64", "product": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64", "product_id": "openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-static-provisioner\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64", "product": { "name": "openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64", "product_id": "openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "product": { "name": "openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "product_id": "openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64", "product": { "name": "openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64", "product_id": "openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-eventrouter\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64", "product": { "name": "openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64", "product_id": "openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64", "product": { "name": "openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64", "product_id": "openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202104231510.p0" } } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64", "product": { "name": "openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64", "product_id": "openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64", "product": { "name": "openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64", "product_id": "openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.6.0-202104222125.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64", "product": { "name": "openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64", "product_id": "openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64", "product": { "name": "openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64", "product_id": "openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64", "product": { "name": "openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64", "product_id": "openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64", "product": { "name": "openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64", "product_id": "openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64", "product_id": "openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.6.0-202104271335.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64", "product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64", "product": { "name": "openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64", "product_id": "openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64", "product": { "name": "openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64", "product_id": "openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64", "product": { "name": "openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64", "product_id": "openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-leader-elector-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64", "product": { "name": "openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64", "product_id": "openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64", "product": { "name": "openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64", "product_id": "openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.6.0-202104261627.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64", "product": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64", "product_id": "openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-helm-container-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64", "product": { "name": "openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64", "product_id": "openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-reporting-operator\u0026tag=v4.6.0-202104261627.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64", "product": { "name": "openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64", "product_id": "openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64", "product": { "name": "openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64", "product_id": "openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-presto\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64", "product": { "name": "openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64", "product_id": "openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64", "product": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64", "product_id": "openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64", "product": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64", "product_id": "openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64", "product": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64", "product_id": "openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-operator-must-gather\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64", "product_id": "openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64", "product": { "name": "openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64", "product_id": "openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.6.0-202104221811.p0" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le", "product": { "name": "openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le", "product_id": "openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le", "product": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le", "product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le", "product": { "name": "openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le", "product_id": "openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le", "product": { "name": "openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le", "product_id": "openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le", "product": { "name": "openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le", "product_id": "openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/driver-toolkit-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le", "product": { "name": "openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le", "product_id": "openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202104231510.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le", "product": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le", "product_id": "openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le", "product": { "name": "openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le", "product_id": "openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le", "product": { "name": "openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le", "product_id": "openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le", "product": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le", "product_id": "openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-static-provisioner\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le", "product": { "name": "openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le", "product_id": "openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le", "product": { "name": "openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le", "product_id": "openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le", "product": { "name": "openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le", "product_id": "openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-eventrouter\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le", "product": { "name": "openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le", "product_id": "openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le", "product": { "name": "openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le", "product_id": "openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202104231510.p0" } } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le", "product": { "name": "openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le", "product_id": "openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le", "product": { "name": "openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le", "product_id": "openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.6.0-202104222125.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le", "product": { "name": "openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le", "product_id": "openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le", "product": { "name": "openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le", "product_id": "openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le", "product": { "name": "openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le", "product_id": "openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le", "product": { "name": "openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le", "product_id": "openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le", "product": { "name": "openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le", "product_id": "openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-service-idler-rhel8\u0026tag=v4.6.0-202104271335.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le", "product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le", "product": { "name": "openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le", "product_id": "openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le", "product": { "name": "openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le", "product_id": "openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-proxy\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le", "product": { "name": "openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le", "product_id": "openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-leader-elector-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le", "product": { "name": "openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le", "product_id": "openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le", "product": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le", "product_id": "openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-metering-helm-container-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le", "product": { "name": "openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le", "product_id": "openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le", "product": { "name": "openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le", "product_id": "openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le", "product": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le", "product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le", "product": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le", "product_id": "openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le", "product": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le", "product_id": "openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le", "product": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le", "product_id": "openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-operator-must-gather\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le", "product": { "name": "openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le", "product_id": "openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.6.0-202104221811.p0" } } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le", "product": { "name": "openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le", "product_id": "openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.6.0-202104221811.p0" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le" }, "product_reference": "openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x" }, "product_reference": "openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64" }, "product_reference": "openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le" }, "product_reference": "openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x" }, "product_reference": "openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64" }, "product_reference": "openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x" }, "product_reference": "openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64" }, "product_reference": "openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le" }, "product_reference": "openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x" }, "product_reference": "openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64" }, "product_reference": "openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le" }, "product_reference": "openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64" }, "product_reference": "openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x" }, "product_reference": "openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le" }, "product_reference": "openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le" }, "product_reference": "openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x" }, "product_reference": "openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64" }, "product_reference": "openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le" }, "product_reference": "openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64" }, "product_reference": "openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x" }, "product_reference": "openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x" }, "product_reference": "openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64" }, "product_reference": "openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le" }, "product_reference": "openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le" }, "product_reference": "openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64" }, "product_reference": "openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x" }, "product_reference": "openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64" }, "product_reference": "openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x" }, "product_reference": "openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le" }, "product_reference": "openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64" }, "product_reference": "openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x" }, "product_reference": "openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le" }, "product_reference": "openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64" }, "product_reference": "openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64" }, "product_reference": "openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le" }, "product_reference": "openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x" }, "product_reference": "openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x" }, "product_reference": "openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le" }, "product_reference": "openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64" }, "product_reference": "openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64" }, "product_reference": "openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le" }, "product_reference": "openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x" }, "product_reference": "openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x" }, "product_reference": "openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le" }, "product_reference": "openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64" }, "product_reference": "openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x" }, "product_reference": "openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le" }, "product_reference": "openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64" }, "product_reference": "openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64" }, "product_reference": "openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le" }, "product_reference": "openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x" }, "product_reference": "openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x" }, "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64" }, "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le" }, "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64" }, "product_reference": "openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le" }, "product_reference": "openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x" }, "product_reference": "openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le" }, "product_reference": "openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x" }, "product_reference": "openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64" }, "product_reference": "openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64" }, "product_reference": "openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x" }, "product_reference": "openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le" }, "product_reference": "openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64" }, "product_reference": "openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64" }, "product_reference": "openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64" }, "product_reference": "openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64" }, "product_reference": "openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64" }, "product_reference": "openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le" }, "product_reference": "openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64" }, "product_reference": "openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x" }, "product_reference": "openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le" }, "product_reference": "openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x" }, "product_reference": "openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64" }, "product_reference": "openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x" }, "product_reference": "openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64" }, "product_reference": "openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le" }, "product_reference": "openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x" }, "product_reference": "openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le" }, "product_reference": "openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x" }, "product_reference": "openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64" }, "product_reference": "openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64" }, "product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x" }, "product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64" }, "product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64" }, "product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x" }, "product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x" }, "product_reference": "openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x" }, "product_reference": "openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le" }, "product_reference": "openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64" }, "product_reference": "openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le" }, "product_reference": "openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x" }, "product_reference": "openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64" }, "product_reference": "openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le", "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x", "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le", "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x", "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-05T08:06:22+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1429" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:0ce00fcce0726c816928d9c63e122be31fb7e825af384bc9bc6c8be9ebd7965b_ppc64le", "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:2f81a9d6098945caf43e4f194b10e20287fb9c9a6f946cf9b545e5bcc8b97480_s390x", "8Base-RHOSE-4.6:openshift4/driver-toolkit-rhel8@sha256:63784975dfa8c3df07e3d4c2738d705cd8914ac2476a156e05e11bb0504c1159_amd64", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:128ed480e58d7bc9e5b46e62d1fe51efc8e2db96f1d74631655f46e8185a8f59_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:79a98ec9947f40458af412feaec4bb6e186defeaed9b8706346717597c43b5db_s390x", "8Base-RHOSE-4.6:openshift4/ose-ansible-operator@sha256:f3fe46f688e98aea542c38c40c16c97b45d1311260f3c87ddcab2ad707007d7f_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:56a406c60f5cd416fe54b5c13d6ed3e34bc18892c54634f8252e4fb057e7b2fe_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:756fc9b46141b06533e4d1f629749eb3077d1b2aa78d941550be1fefdf836e27_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity@sha256:9c158955097c3e2102a0224558ad9a0007e15a63f9821951f60eec82ccca5904_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:1d1d9e1febf6734249627f898c1d4e049c7b23b1f79905d4fae333dde6d49a70_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:7e663a120f1eba8d5ae7614c6d5e5b6f110ad17b954cadd876dedd7a77d1afc9_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e8ab3f1b4efaaee4c048768a6e7d949071b999ad75965dac4cc51cad01eed08e_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:2430d6dac65f772dcc5605693bc35a178f2a989bc5b8de21a1efe3b7e5954048_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:7eb28beb3b0694b5e916f5e71b5939c47aaed9db4ac98cb0b34c56511ecb7773_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:dedc9ced6cadf8eb355b4dee118456053c44151f78489393230710fff5360c9f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:739ca97189a526f9d8db3ad6ad36bbf45d1da81f8f7b6d401eef1aadeb6fae16_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:b9782c0f9549a7abae61d81135d49cf35bc46c17a2eea73612872c0de8c42a85_s390x", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator@sha256:e9c400cfeab1c9878ae537f56c1f11ac646534e89493fb7cc75425cfec639397_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:132d7c2eebee9023a76d87fd4c4520e24fad3b0ff9db3c30bceaa56a19493354_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:26fa1be6c37710d08c484f6f0f38f2aa0b339f348b422bdc3e2c333850591edf_s390x", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5da9f9d88bd70346f28553d703d6423907a40a2a748d7e9a091450d6a18e12b5_amd64", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:1dc93a8fa2b9d533ed15f02d63d15715113f0e0ccffd33d52bd3c8c2502ddc69_s390x", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:8214214ef887ca8ee363a438cbff051460b3a7192ff953f09a8220b71dc4736e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8@sha256:e22a9f89ea07245c5c778b93555dd66d5fcf2e467f0a4090d3c2872cb4d14e15_amd64", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:35d26a7ba6aa006ebe3469e2473f19de4e065b4b13ea87796fda8ec9b8e23916_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:63d66b8e1644365d4f7c3576d0b61cc0712bb08ea30e1fac76a5317f1b65cf53_s390x", "8Base-RHOSE-4.6:openshift4/ose-descheduler@sha256:80e60d3ff00b46037b816fe86b46d7f53be4a0bc961b457c3919d93a2bf28212_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:33eeae0fb6c9aa06be4a9829d377ab77c4d3c73faa7870588524bfa25ed864cf_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:5f79bcd4607361329d07e93000ba0b9abd1353fbf41a9827bba6d6b060b46f24_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:e7db6615e3172233b4782b798f2ac18007ec25792580e33b033feeffc2167bd6_s390x", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:2ea63dc5240cd8552a5a25be095fbf2d0289a57aaf29b5d66b9eb6a417c62749_s390x", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:65e415a10edc3cf3e338980cb51a67b2871999aa992d15e609392e22705257e2_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy@sha256:cd3491cfe6e470e503c4b4c6d0f0b4a1c9b071025159b8a8a8fec4f29ba654ba_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:3c728a860be69a53b58f2fa6f3c07a314b3bc1bacec1aeb8cf3c06b8aa30bca0_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:7f2ca932c8c37217433462dc91549360a673af5f41cd2e20d7d07729d4021ecd_amd64", "8Base-RHOSE-4.6:openshift4/ose-egress-router@sha256:982ea4ba6bd14a4f20abf65c469d97965411d8e0c2f5ddf789faeebdaba97091_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:1af310f95afbeae71298fb0f7781f47177b8252bca0997cd910abe8655e52bd3_amd64", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:36ff02ca1d12ced17bc58814c2c822d94b354903f3a24149e6a76ba010f2b7dc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:98d7202f27f405040d12e88f52a351498e0f987a60d18ba82948207a08dab85c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:0146f19677e4c3082711ccdc9139067d579fa98965afe5c6fbb766ca4cdd78cf_amd64", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:70092ce321265bf510ecec343df1ab1891046b8d2a141256d4b18da1a9896e09_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy@sha256:89c1abca546b235dd236538f1fc5cbfbb254f7321c0727d82f3efa09d6217c35_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel@sha256:83422238e296bd0d8422c86efe864c8b80e3c212aff070ec7570455ff85bb64b_amd64", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:33ac32934c123eeeacfa2c91fc6efc7899d6c84802d7a4f858060af5dee04946_amd64", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:3a6bdfac8c2641ec46732bcbb8744ba16311e131261f729ae413945464b9d274_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-helm-operator@sha256:e905710d08faea859c7942294ea20bd586a13dec05f605ab0eeac221bc4e25ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:5824f080d61471ed3365de778e48d79502d1b05d44d36726ff2daf67f6f89258_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:7f0065258363ecc6a94ac0f1575e54810a72018ad631280cfb1efdb6f5e2b0e2_s390x", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:fc179aad6f933b651809a372d0b2d5c9bf76c59742751869d2d3be827cace254_amd64", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:211eda190409858da63593fe1e729514a1ab58a6b5a975e5175ef662a236e191_s390x", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:5d003e17aeb3cb4bd696ea936ee127e42d2714b2774899622e5cc18f50efda3b_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8@sha256:a40df80be95bb81bb4fa2139cbaac82048920db4c580d1df9da8424fff3b7fcd_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:0d0235b19d495cddb0cf8aec05d5e8e9313e02a8b93a66db7c295ccc03dcb206_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:3f75b904114bcba8852efc145c3520e018d29023c9d1f114f06e33a572c24f43_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker@sha256:baa1dc2ab7d5bd7509c9fc07d2c24d10db0ae7747947e9a45fbb96e84c24a321_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:3df24f90554ad5fbea61f4240527a2e21933b58367a69b4c942c8e4527ad8578_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:938305bcf54b89b7541f76d3e6a584ce92fadd675036cc86b67eb0ddd11116fb_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator@sha256:a60319e47daacc5f965aec057c60750367656122693c098a320d60a784acfdc3_amd64", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:22114901cc246386441fd183da54cebdf164ad5e6f0a3a3248e81dfbb271f9b7_s390x", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:2ed5270db9a9c68b7f7be6fd73764790134a31d4932bc6617b1edca3313be1b1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner@sha256:7fcd6e7ba7c369f6ee8d59facdb467f731b1882aabe6784b73b0b683cbd67e42_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:691eefe301f240556a19af8da8bca44f941111a01d354cc07602847aaee7c6d8_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d571cd748d6d319ad38e42818910d80bada01ca8dba445f48547c25c493b3497_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:f544c5250a80f31f06ac307886284a69e5a34cdf5bebe935c8b55ac00545c6b0_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:26f7cf4885083db6a1744dc2adf1208c3a88c62e31032f94cccede71619fef6b_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:6ed45c4451144ca4ba21cd9c22eba28ea38cad70635c7518c90db83a9d90ee3e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter@sha256:ba71a8159a2ff94bdc5a09c5b4f3245dd00b0afdab5092f5424fe2a81dad7700_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:4575abc602c69e9a25da2c78713a82e0ab0e0ea9c4c4579115048125171fcc3f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:7c8e3da40e33c1a197acfda728d032f8895ad5f895457a8f765b647970608ee5_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:ea702de40dfb68c8bfa09f104afff5cc7efb68b49064cc4579621059b8ed6886_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:31ced2fbaa811be53c5c491924527c9db28d2de49c57094f3b17fd8b0deac7d1_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:9d4422c1346be0aa8c567264a46971d41669faa7435dcb51abfbfb65ae5678ff_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f654b869aeb0766e924a288373ff6876718805500c0a0434af318d9e276a85a3_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:32c9260dd9f247d7cfe611fc52118344865432bf0fe2a432a41ff28dad75243f_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:c308d64a897a9ff453c2ced51de470c6ebe003bc626e4234a9aa618665f19682_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:14d100c6ef06870d38765577bc770b79501c0e9357ee69386c9af4b7a7b0ce8c_s390x", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:703580c0ac34b966ee5621b6b63599816bae296185f9d53a365f92aee7e0e9a0_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8@sha256:e153ef4c7a7e66f752bd108b3e7236eb5fb93ff4eee6900587f5cb9b9db94fc5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-hive@sha256:964e030d0bcb02a56d1a4bac9c6b9d1bc35c817209d842f30a922260e345f923_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:454939b7cba1753b672d97b30ae4d5ecc1e05ce45a711c5186d1380619171cba_amd64", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator@sha256:1d485e5075738c6654d9912bc597035b8a9a7789a000f3e69bfaf65c3c26d855_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:377c58690c99638b926ac6a0bf1e2607947b25fdcc378823547e7eddfcf3a5f1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:4bc76031e3234a0d224c527428d919dda7b79c61f01ae6f20317a932e88352ee_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery@sha256:9542e7728d341822135092e033376b361c7c874f4e60ce397c5c8fe5df35d57b_s390x", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:6f0833d076c659f123fb45e9f80abd719a71784a7c3b2b2d0d6dc8706047b236_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:bcad9d4008cbc4e3f95d96fb987faff2cacf436282c7cd160df29538d9e8a5d2_amd64", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8@sha256:fa6fa6a52969712a681a431b5b49611f707f5092fdaf942b303faedbbe0fc80d_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:1509fcc4423572ceea5fefc87a99c32b366388f28910627623461dffab1e40c7_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:584453429782b6d6f19fca475ac22d7a218890345c08fdd88308c518e6332afa_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator@sha256:5d9616304126996aaba3002f927570c3d43846d41e1ba17c5faf6d5e341f59b8_amd64", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:657bae3d701abad4274dce4fc2857d5b1849285c288581b55890f556c126a048_s390x", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:ad14d92aa55f690235c6c215ab464de9dddab531df57fae8b12ebbfcb6e6b795_amd64", "8Base-RHOSE-4.6:openshift4/ose-ptp@sha256:e94444c12d01d09e7a91a1e3adf9aea2a572be6d48e1d03be2918f03568cfe60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:30123c8363cec6a2d7d1603a0d8b454f42a5a714d6cd170f189622c7eca4716d_amd64", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:8580b3d4e1bfe9fe709693cffebf9b39242615570477fb38f55d22ec74e4a76a_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8@sha256:c7d7e0d0a4d5528e1fc4ba5aebb34b77b2e8deead8eb6548bcfd548dd25bbfb6_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:0e8ddcf3b9f47774b5f2481b58a7dfa77b274b778ee3d4edd3b6a3609e78af56_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:1849754dd54209dca95054b76648add860e3f6d92b8787cfdd67434b82117029_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni@sha256:fa79983c3f8d97ebd63e67bfecb88b6e4ed026ce222d0bb74075182b77b34e77_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:01afe00e795a27ecfae08cd7741d69ae5ba41f395f15e2bb089a02f5e2ac86af_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:74bd2a19a0d8faf3e24e70d46480c97649afa8a5f7ccac085e51683ac6dce649_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller@sha256:b85e5433c58c0317eaf9c15230f3d2e40d50ede646158052111bd62108003dd1_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:70391ff090869548ae8ad89b88416f72e6a698801226d6c718caa0257e6ed487_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:a6872cca86314444a215bdc90b1cac3aec71888d81bc359d5d72d4b36a20438e_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni@sha256:f2c63e489e2ea6bff6f4cc3fee5bef31c387d936be4b6c3f95cef1de2d4b0197_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:30f831eecf3386ccfb948fdb6316ac33e952ffbd2192693e22d498cf90d85ceb_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:e5a7f26b1fbdcb8d99a991c444061a6bab57067753b451ecbd37878874bb65e1_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon@sha256:fb92b7ee2b606abd057e28731ab9481e49beedc99cb2d0602cd65826c2fba35f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:365b87dba82fba19947f8f636777ed6efe49162e1de5a40a0e91d2ebd91a6c90_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:f980f40f3ba04dc87f6c7b2d90b1825a289d6a13ea829b562dd34f6b69587ccb_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin@sha256:fa0bd73fb46cc65e023271711878cf40ed4f61a071f78d3b5e3a4c942a72ebfd_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:2ec4e251b574026357f02eacab43cf71779ed1a40b3deec4030cfa789d2e8e57_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:97d773ea7bdc285599a17d06055f805d50d93388037d1e2d2d20641d06d532d1_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator@sha256:c5034eacb8a443e162b64480f7ff60c803875f1a5ec251512941276fae3c9b77_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:1a9a0819e959a5be9e57bc248e908ff913bbaea364c92f1e55785f25a1d8aa13_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:3199d6e27e0a97ace3094cba5d6fe905c1c2a88fbaef36ca80ff18c311a44d08_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook@sha256:d0fc9250129fb45d412288639204edd31dca0232bf10d7d2b90fc863ccd0de95_amd64", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:550ea69fb0b2c066eed93e701560d03118a411bc18c027be70fc10fb4cd3a39f_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:b252820d0c1171b201c85f3805d89b7fb24efd52197ef8c81a51075bdfcff50c_s390x", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather@sha256:e454ac429c7d0bc334c13bed05794c7090c41651003090cd9a62a9bb32eb79f9_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:09bab01bdecf626285038b943d12a95213b2944bb0e97ee0cb6f4db2e5403c92_s390x", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:63e6b031aed0792a397b8569d35618e9d60cc4ec58e37bf80d11a3495a6b871d_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b384954b36c27f969a9025faa8f83c0390fe05fb25327b3aa7d117658e8e6843_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:cc558bf2a67f1649f374fefa1de560269331fc3c95c0968865c976f1d8cd53cd_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:ef90b5add632d9447a05ca132c4b343aa4e5d4edbcdb5c3132287a95b32be3c8_amd64", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:fa8b0c4d03b351517113089f42a72a5af9731c9e51200a9a17a29efef220e884_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:031e85ccdaa743f3ddba39c2985465864ee2589bc064d5aba0ea645768c7f938_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9e0f65e4ab8c020ee349375bc0ab52375020e84c306f506b44ab4a0d5b0fa785_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:b028297ab68faab088b58bf0cc06caf9c0c1c7dc39bcddeb6d5f034858d018b4_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_5533
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.4 serves as a replacement for Red Hat Single Sign-On 7.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* redhat-sso-7-openshift-containers: /etc/passwd is given incorrect privileges (CVE-2020-10695)\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n* keycloak: Account REST API can update user metadata attributes (CVE-2020-27826)\n* keycloak-nodejs-connect: nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5533", "url": "https://access.redhat.com/errata/RHSA-2020:5533" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1817530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530" }, { "category": "external", "summary": "1848647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "1905089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905089" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5533.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 security update", "tracking": { "current_release_date": "2024-11-15T07:26:44+00:00", "generator": { "date": "2024-11-15T07:26:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:5533", "initial_release_date": "2020-12-15T17:14:01+00:00", "revision_history": [ { "date": "2020-12-15T17:14:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-12-15T17:14:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:26:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Text-Only RHSSO", "product": { "name": "Text-Only RHSSO", "product_id": "Text-Only RHSSO", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Joseph LaMagna-Reiter" ], "organization": "SPR Inc." } ], "cve": "CVE-2020-10695", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1817530" } ], "notes": [ { "category": "description", "text": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "containers/redhat-sso-7: /etc/passwd is given incorrect privileges", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHSSO" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10695" }, { "category": "external", "summary": "RHBZ#1817530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530" }, { "category": "external", "summary": "RHSB-4859371", "url": "https://access.redhat.com/articles/4859371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10695" } ], "release_date": "2020-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-15T17:14:01+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHSSO" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only RHSSO" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "containers/redhat-sso-7: /etc/passwd is given incorrect privileges" }, { "cve": "CVE-2020-13822", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2020-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848647" } ], "notes": [ { "category": "description", "text": "The Elliptic for Node.js allows ECDSA signature malleability via variations in encoding, leading \u0027\\0\u0027 bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures", "title": "Vulnerability summary" }, { "category": "other", "text": "In both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the grafana and prometheus containers don\u0027t use the vulnerable elliptic library for authentication (OpenShift OAuth is used) or traffic communications (OpenShift route is used). Therefore the impact for OCP and OSSM is Low.\n\nRed Hat Quay includes nodejs-elliptic as a dependency of webpack. That dependency is only used at development time, not runtime. Therefore this vulnerability is rated low for Red Hat Quay.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHSSO" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13822" }, { "category": "external", "summary": "RHBZ#1848647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13822", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13822" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484", "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484" } ], "release_date": "2020-06-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-15T17:14:01+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHSSO" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "Text-Only RHSSO" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures" }, { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHSSO" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-15T17:14:01+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHSSO" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5533" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "Text-Only RHSSO" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Text-Only RHSSO" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHSSO" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-15T17:14:01+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHSSO" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5533" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Text-Only RHSSO" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Text-Only RHSSO" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-27826", "cwe": { "id": "CWE-250", "name": "Execution with Unnecessary Privileges" }, "discovery_date": "2020-12-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1905089" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user\u0027s metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Account REST API can update user metadata attributes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHSSO" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27826" }, { "category": "external", "summary": "RHBZ#1905089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905089" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27826", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27826" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27826", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27826" } ], "release_date": "2020-12-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-15T17:14:01+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Text-Only RHSSO" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHSSO" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Account REST API can update user metadata attributes" } ] }
rhsa-2021_2476
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Decision Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model \u0026 Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988)\n\n* xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)\n\n* xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)\n\n* xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)\n\n* xstream: ReDoS vulnerability (CVE-2021-21348)\n\n* xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)\n\n* xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)\n\n* xstream: SSRF via crafted input stream (CVE-2021-21342)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347)\n\n* xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345)\n\n* xstream: arbitrary code execution via crafted input stream (CVE-2021-21344)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2476", "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "1908832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832" }, { "category": "external", "summary": "1908837", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837" }, { "category": "external", "summary": "1933816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933816" }, { "category": "external", "summary": "1942539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539" }, { "category": "external", "summary": "1942545", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545" }, { "category": "external", "summary": "1942550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550" }, { "category": "external", "summary": "1942554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554" }, { "category": "external", "summary": "1942558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558" }, { "category": "external", "summary": "1942578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578" }, { "category": "external", "summary": "1942629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629" }, { "category": "external", "summary": "1942633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633" }, { "category": "external", "summary": "1942635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635" }, { "category": "external", "summary": "1942637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637" }, { "category": "external", "summary": "1942642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2476.json" } ], "title": "Red Hat Security Advisory: Red Hat Decision Manager 7.11.0 security update", "tracking": { "current_release_date": "2024-11-15T07:32:50+00:00", "generator": { "date": "2024-11-15T07:32:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:2476", "initial_release_date": "2021-06-17T13:15:14+00:00", "revision_history": [ { "date": "2021-06-17T13:15:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-17T13:15:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:32:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHDM 7.11.0", "product": { "name": "RHDM 7.11.0", "product_id": "RHDM 7.11.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.11" } } } ], "category": "product_family", "name": "Red Hat Decision Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-11988", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1933816" } ], "notes": [ { "category": "description", "text": "Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.", "title": "Vulnerability description" }, { "category": "summary", "text": "xmlgraphics-commons: SSRF due to improper input validation by the XMPParser", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw does not affect xmlgraphics-commons as shipped with Red Hat Enterprise Linux 8. It is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about support scope for Red Hat Enterprise Linux, please see https://access.redhat.com/support/policy/updates/errata/ .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11988" }, { "category": "external", "summary": "RHBZ#1933816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933816" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11988", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11988" }, { "category": "external", "summary": "https://xmlgraphics.apache.org/security.html", "url": "https://xmlgraphics.apache.org/security.html" } ], "release_date": "2021-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "RHDM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xmlgraphics-commons: SSRF due to improper input validation by the XMPParser" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "RHDM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" }, { "cve": "CVE-2020-26258", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2020-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1908832" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26258" }, { "category": "external", "summary": "RHBZ#1908832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26258", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26258" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258" } ], "release_date": "2020-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "category": "workaround", "details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);", "product_ids": [ "RHDM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling" }, { "cve": "CVE-2020-26259", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2020-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1908837" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: arbitrary file deletion on the local host when unmarshalling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26259" }, { "category": "external", "summary": "RHBZ#1908837", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26259", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26259" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259" } ], "release_date": "2020-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "category": "workaround", "details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);", "product_ids": [ "RHDM 7.11.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: arbitrary file deletion on the local host when unmarshalling" }, { "cve": "CVE-2021-21341", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942539" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21341" }, { "category": "external", "summary": "RHBZ#1942539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21341", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21341" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream" }, { "cve": "CVE-2021-21342", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942545" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: SSRF via crafted input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21342" }, { "category": "external", "summary": "RHBZ#1942545", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21342", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21342" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: SSRF via crafted input stream" }, { "cve": "CVE-2021-21343", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942550" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: arbitrary file deletion on the local host via crafted input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21343" }, { "category": "external", "summary": "RHBZ#1942550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21343", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21343" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: arbitrary file deletion on the local host via crafted input stream" }, { "cve": "CVE-2021-21344", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942554" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21344" }, { "category": "external", "summary": "RHBZ#1942554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21344", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21344" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet" }, { "cve": "CVE-2021-21345", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942558" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21345" }, { "category": "external", "summary": "RHBZ#1942558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21345", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry" }, { "cve": "CVE-2021-21346", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942578" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21346" }, { "category": "external", "summary": "RHBZ#1942578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21346", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue" }, { "cve": "CVE-2021-21347", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942629" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21347" }, { "category": "external", "summary": "RHBZ#1942629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21347", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21347" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator" }, { "cve": "CVE-2021-21348", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942633" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: ReDoS vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21348" }, { "category": "external", "summary": "RHBZ#1942633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21348", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: ReDoS vulnerability" }, { "cve": "CVE-2021-21349", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942635" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21349" }, { "category": "external", "summary": "RHBZ#1942635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21349", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host" }, { "cve": "CVE-2021-21350", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942637" } ], "notes": [ { "category": "description", "text": "A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21350" }, { "category": "external", "summary": "RHBZ#1942637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21350", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21350" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader" }, { "cve": "CVE-2021-21351", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1942642" } ], "notes": [ { "category": "description", "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHDM 7.11.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21351" }, { "category": "external", "summary": "RHBZ#1942642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21351", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21351" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351" } ], "release_date": "2021-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-17T13:15:14+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHDM 7.11.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHDM 7.11.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream" } ] }
rhsa-2020_5361
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Thorntail.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Thorntail 2.7.2 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)\n\n* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used \n(CVE-2020-25638)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5361", "url": "https://access.redhat.com/errata/RHSA-2020:5361" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.2" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/" }, { "category": "external", "summary": "1848533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533" }, { "category": "external", "summary": "1860054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054" }, { "category": "external", "summary": "1860218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5361.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Thorntail 2.7.2 security and bug fix update", "tracking": { "current_release_date": "2024-11-15T07:26:39+00:00", "generator": { "date": "2024-11-15T07:26:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:5361", "initial_release_date": "2020-12-16T07:20:21+00:00", "revision_history": [ { "date": "2020-12-16T07:20:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-12-16T07:20:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:26:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Text-Only RHOAR", "product": { "name": "Text-Only RHOAR", "product_id": "Text-Only RHOAR", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Darran Lofthouse" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-14299", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2020-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848533" } ], "notes": [ { "category": "description", "text": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14299" }, { "category": "external", "summary": "RHBZ#1848533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14299", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299" } ], "release_date": "2020-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-16T07:20:21+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5361" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass" }, { "cve": "CVE-2020-14338", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-07-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1860054" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14338" }, { "category": "external", "summary": "RHBZ#1860054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338" } ], "release_date": "2020-08-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-16T07:20:21+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5361" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl" }, { "acknowledgments": [ { "names": [ "Masafumi Miura" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-14340", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1860218" } ], "notes": [ { "category": "description", "text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14340" }, { "category": "external", "summary": "RHBZ#1860218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14340" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340" } ], "release_date": "2020-07-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-16T07:20:21+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5361" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS" }, { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-16T07:20:21+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5361" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only RHOAR" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-16T07:20:21+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only RHOAR" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5361" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Text-Only RHOAR" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Text-Only RHOAR" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_4379
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Eclipse Vert.x.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)(CVE-2020-25649)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4379", "url": "https://access.redhat.com/errata/RHSA-2020:4379" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=3.9.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=3.9.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4379.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 3.9.4 security update", "tracking": { "current_release_date": "2024-11-15T07:26:13+00:00", "generator": { "date": "2024-11-15T07:26:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:4379", "initial_release_date": "2020-11-09T18:26:24+00:00", "revision_history": [ { "date": "2020-11-09T18:26:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-11-09T18:26:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:26:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Vert.x 3.9.4", "product": { "name": "Vert.x 3.9.4", "product_id": "Vert.x 3.9.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Vert.x 3.9.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-09T18:26:24+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Vert.x 3.9.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4379" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Vert.x 3.9.4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Vert.x 3.9.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_5342
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5342", "url": "https://access.redhat.com/errata/RHSA-2020:5342" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "JBEAP-20029", "url": "https://issues.redhat.com/browse/JBEAP-20029" }, { "category": "external", "summary": "JBEAP-20089", "url": "https://issues.redhat.com/browse/JBEAP-20089" }, { "category": "external", "summary": "JBEAP-20119", "url": "https://issues.redhat.com/browse/JBEAP-20119" }, { "category": "external", "summary": "JBEAP-20161", "url": "https://issues.redhat.com/browse/JBEAP-20161" }, { "category": "external", "summary": "JBEAP-20223", "url": "https://issues.redhat.com/browse/JBEAP-20223" }, { "category": "external", "summary": "JBEAP-20239", "url": "https://issues.redhat.com/browse/JBEAP-20239" }, { "category": "external", "summary": "JBEAP-20246", "url": "https://issues.redhat.com/browse/JBEAP-20246" }, { "category": "external", "summary": "JBEAP-20285", "url": "https://issues.redhat.com/browse/JBEAP-20285" }, { "category": "external", "summary": "JBEAP-20300", "url": "https://issues.redhat.com/browse/JBEAP-20300" }, { "category": "external", "summary": "JBEAP-20325", "url": "https://issues.redhat.com/browse/JBEAP-20325" }, { "category": "external", "summary": "JBEAP-20364", "url": "https://issues.redhat.com/browse/JBEAP-20364" }, { "category": "external", "summary": "JBEAP-20368", "url": "https://issues.redhat.com/browse/JBEAP-20368" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5342.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "tracking": { "current_release_date": "2024-11-15T07:26:02+00:00", "generator": { "date": "2024-11-15T07:26:02+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:5342", "initial_release_date": "2020-12-03T19:18:34+00:00", "revision_history": [ { "date": "2020-12-03T19:18:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-12-03T19:18:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:26:02+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product": { "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.32-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.11-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.21-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.21-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-6.redhat_00016.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.10-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.10-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-3.Final_redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-3.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-3.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "product": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "product_id": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.6.0-1.redhat_00006.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.4-3.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.4-3.GA_redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.4-3.GA_redhat_00003.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.11-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.32-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.19-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.9-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.2.11-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.21-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-6.redhat_00016.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.10-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-3.Final_redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-3.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "product": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "product_id": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.6.0-1.redhat_00006.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "product_id": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.4-3.GA_redhat_00003.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch" }, "product_reference": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src" }, "product_reference": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:18:34+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5342" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25644", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1885485" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25644" }, { "category": "external", "summary": "RHBZ#1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644" } ], "release_date": "2020-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:18:34+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5342" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:18:34+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5342" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap.src", "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-6.redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-marshalling-river-0:2.0.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-3.Final_redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.4-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_4401
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4401", "url": "https://access.redhat.com/errata/RHSA-2020:4401" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4401.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update", "tracking": { "current_release_date": "2024-11-15T07:25:51+00:00", "generator": { "date": "2024-11-15T07:25:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:4401", "initial_release_date": "2020-10-28T21:11:53+00:00", "revision_history": [ { "date": "2020-10-28T21:11:53+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-10-28T21:11:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:25:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product": { "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-28T21:11:53+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4401" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el6eap.src", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el7eap.src", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00002.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2020_5344
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5344", "url": "https://access.redhat.com/errata/RHSA-2020:5344" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "JBEAP-20029", "url": "https://issues.redhat.com/browse/JBEAP-20029" }, { "category": "external", "summary": "JBEAP-20089", "url": "https://issues.redhat.com/browse/JBEAP-20089" }, { "category": "external", "summary": "JBEAP-20119", "url": "https://issues.redhat.com/browse/JBEAP-20119" }, { "category": "external", "summary": "JBEAP-20161", "url": "https://issues.redhat.com/browse/JBEAP-20161" }, { "category": "external", "summary": "JBEAP-20239", "url": "https://issues.redhat.com/browse/JBEAP-20239" }, { "category": "external", "summary": "JBEAP-20246", "url": "https://issues.redhat.com/browse/JBEAP-20246" }, { "category": "external", "summary": "JBEAP-20285", "url": "https://issues.redhat.com/browse/JBEAP-20285" }, { "category": "external", "summary": "JBEAP-20300", "url": "https://issues.redhat.com/browse/JBEAP-20300" }, { "category": "external", "summary": "JBEAP-20325", "url": "https://issues.redhat.com/browse/JBEAP-20325" }, { "category": "external", "summary": "JBEAP-20364", "url": "https://issues.redhat.com/browse/JBEAP-20364" }, { "category": "external", "summary": "JBEAP-20368", "url": "https://issues.redhat.com/browse/JBEAP-20368" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5344.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "tracking": { "current_release_date": "2024-11-15T07:26:09+00:00", "generator": { "date": "2024-11-15T07:26:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:5344", "initial_release_date": "2020-12-03T19:13:10+00:00", "revision_history": [ { "date": "2020-12-03T19:13:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-12-03T19:13:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:26:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25638", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1881353" } ], "notes": [ { "category": "description", "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25638" }, { "category": "external", "summary": "RHBZ#1881353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638" } ], "release_date": "2020-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:13:10+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5344" }, { "category": "workaround", "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used" }, { "cve": "CVE-2020-25644", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1885485" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25644" }, { "category": "external", "summary": "RHBZ#1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644" } ], "release_date": "2020-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:13:10+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5344" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL" }, { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-12-03T19:13:10+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5344" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
rhsa-2021_1260
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Streams 1.7.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.7.0 serves as a replacement for Red Hat AMQ Streams 1.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1260", "url": "https://access.redhat.com/errata/RHSA-2021:1260" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.7.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.7.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/", "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/" }, { "category": "external", "summary": "1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1260.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.7.0 release and security update", "tracking": { "current_release_date": "2024-11-15T07:30:59+00:00", "generator": { "date": "2024-11-15T07:30:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:1260", "initial_release_date": "2021-04-19T18:03:53+00:00", "revision_history": [ { "date": "2021-04-19T18:03:53+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-19T18:03:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:30:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat AMQ Streams 1.7.0", "product": { "name": "Red Hat AMQ Streams 1.7.0", "product_id": "Red Hat AMQ Streams 1.7.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_streams:1" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2020-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887664" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)", "title": "Vulnerability summary" }, { "category": "other", "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 1.7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25649" }, { "category": "external", "summary": "RHBZ#1887664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2589", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" } ], "release_date": "2020-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-19T18:03:53+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 1.7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1260" }, { "category": "workaround", "details": "There is currently no known mitigation for this flaw.", "product_ids": [ "Red Hat AMQ Streams 1.7.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 1.7.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)" } ] }
wid-sec-w-2022-1375
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1375 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json" }, { "category": "self", "summary": "WID-SEC-2022-1375 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14", "url": "https://access.redhat.com/errata/RHSA-2023:5165" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities vom 2022-09-11", "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities", "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5776-1 vom 2022-12-13", "url": "https://ubuntu.com/security/notices/USN-5776-1" } ], "source_lang": "en-US", "title": "JFrog Artifactory: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-09-14T22:00:00.000+00:00", "generator": { "date": "2024-02-15T16:58:09.779+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1375", "initial_release_date": "2022-09-11T22:00:00.000+00:00", "revision_history": [ { "date": "2022-09-11T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-10-03T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates aufgenommen" }, { "date": "2022-10-04T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-12T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-12-20T23:00:00.000+00:00", "number": "5", "summary": "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE" }, { "date": "2023-09-14T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "6" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "JFrog Artifactory", "product": { "name": "JFrog Artifactory", "product_id": "T024527", "product_identification_helper": { "cpe": "cpe:/a:jfrog:artifactory:-" } } }, { "category": "product_name", "name": "JFrog Artifactory \u003c 7.46.3", "product": { "name": "JFrog Artifactory \u003c 7.46.3", "product_id": "T024764", "product_identification_helper": { "cpe": "cpe:/a:jfrog:artifactory:7.46.3" } } } ], "category": "product_name", "name": "Artifactory" } ], "category": "vendor", "name": "JFrog" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4517", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2013-4517" }, { "cve": "CVE-2013-7285", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2013-7285" }, { "cve": "CVE-2014-0107", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-0107" }, { "cve": "CVE-2014-0114", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-0114" }, { "cve": "CVE-2014-3577", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-3577" }, { "cve": "CVE-2014-3623", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-3623" }, { "cve": "CVE-2015-0227", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-0227" }, { "cve": "CVE-2015-2575", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-2575" }, { "cve": "CVE-2015-3253", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-3253" }, { "cve": "CVE-2015-4852", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-4852" }, { "cve": "CVE-2015-7940", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-7940" }, { "cve": "CVE-2016-10750", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-10750" }, { "cve": "CVE-2016-3092", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-3092" }, { "cve": "CVE-2016-3674", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-3674" }, { "cve": "CVE-2016-6501", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-6501" }, { "cve": "CVE-2016-8735", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-8735" }, { "cve": "CVE-2016-8745", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-8745" }, { "cve": "CVE-2017-1000487", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-1000487" }, { "cve": "CVE-2017-15095", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-15095" }, { "cve": "CVE-2017-17485", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-17485" }, { "cve": "CVE-2017-18214", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-18214" }, { "cve": "CVE-2017-18640", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-18640" }, { "cve": "CVE-2017-7525", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-7525" }, { "cve": "CVE-2017-7657", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-7657" }, { "cve": "CVE-2017-7957", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-7957" }, { "cve": "CVE-2017-9506", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-9506" }, { "cve": "CVE-2018-1000206", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2018-1000206" }, { "cve": "CVE-2018-9116", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2018-9116" }, { "cve": "CVE-2019-10219", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-10219" }, { "cve": "CVE-2019-12402", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-12402" }, { "cve": "CVE-2019-17359", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-17359" }, { "cve": "CVE-2019-17571", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-17571" }, { "cve": "CVE-2019-20104", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-20104" }, { "cve": "CVE-2020-11996", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-11996" }, { "cve": "CVE-2020-13934", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-13934" }, { "cve": "CVE-2020-13935", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-13935" }, { "cve": "CVE-2020-13949", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-13949" }, { "cve": "CVE-2020-14340", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-14340" }, { "cve": "CVE-2020-15586", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-15586" }, { "cve": "CVE-2020-1745", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-1745" }, { "cve": "CVE-2020-17521", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-17521" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-28500", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-28500" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-7226", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-7226" }, { "cve": "CVE-2020-7692", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-7692" }, { "cve": "CVE-2020-8203", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-8203" }, { "cve": "CVE-2021-13936", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-13936" }, { "cve": "CVE-2021-21290", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-21290" }, { "cve": "CVE-2021-22060", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22060" }, { "cve": "CVE-2021-22112", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22112" }, { "cve": "CVE-2021-22119", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22119" }, { "cve": "CVE-2021-22147", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22147" }, { "cve": "CVE-2021-22148", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22148" }, { "cve": "CVE-2021-22149", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22149" }, { "cve": "CVE-2021-22573", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22573" }, { "cve": "CVE-2021-23337", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-23337" }, { "cve": "CVE-2021-25122", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-25122" }, { "cve": "CVE-2021-26291", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-26291" }, { "cve": "CVE-2021-27568", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-27568" }, { "cve": "CVE-2021-29505", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-29505" }, { "cve": "CVE-2021-30129", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-30129" }, { "cve": "CVE-2021-33037", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-33037" }, { "cve": "CVE-2021-35550", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35550" }, { "cve": "CVE-2021-35556", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35556" }, { "cve": "CVE-2021-35560", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35560" }, { "cve": "CVE-2021-35561", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35561" }, { "cve": "CVE-2021-35564", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35564" }, { "cve": "CVE-2021-35565", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35565" }, { "cve": "CVE-2021-35567", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35567" }, { "cve": "CVE-2021-35578", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35578" }, { "cve": "CVE-2021-35586", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35586" }, { "cve": "CVE-2021-35588", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35588" }, { "cve": "CVE-2021-35603", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35603" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-3765", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-3765" }, { "cve": "CVE-2021-3807", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-3807" }, { "cve": "CVE-2021-38561", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-38561" }, { "cve": "CVE-2021-3859", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-3859" }, { "cve": "CVE-2021-41090", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-41090" }, { "cve": "CVE-2021-41091", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-41091" }, { "cve": "CVE-2021-42340", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-42340" }, { "cve": "CVE-2021-42550", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-42550" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-43797" }, { "cve": "CVE-2022-0536", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-0536" }, { "cve": "CVE-2022-22963", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-22963" }, { "cve": "CVE-2022-23632", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-23632" }, { "cve": "CVE-2022-23648", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-23648" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-24769", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-24769" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-29153", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-29153" }, { "cve": "CVE-2022-32212", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32212" }, { "cve": "CVE-2022-32213", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32213" }, { "cve": "CVE-2022-32214", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32214" }, { "cve": "CVE-2022-32215", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32215" }, { "cve": "CVE-2022-32223", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32223" } ] }
wid-sec-w-2022-0616
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um Dateien zu manipulieren und vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0616 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0616.json" }, { "category": "self", "summary": "WID-SEC-2022-0616 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0616" }, { "category": "external", "summary": "IBM Security Bulletin 6958056 vom 2023-02-24", "url": "https://www.ibm.com/support/pages/node/6958056" }, { "category": "external", "summary": "IBM Security Advisory vom 2022-07-07", "url": "https://www.ibm.com/support/pages/node/6601919" }, { "category": "external", "summary": "IBM Security Advisory vom 2022-07-07", "url": "https://www.ibm.com/support/pages/node/6601921" } ], "source_lang": "en-US", "title": "IBM Tivoli Network Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-02-23T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:52:29.918+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0616", "initial_release_date": "2022-07-07T22:00:00.000+00:00", "revision_history": [ { "date": "2022-07-07T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-02-23T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Tivoli Network Manager \u003c 4.2.0-TIV-ITNMIP-Linux-FP0015", "product": { "name": "IBM Tivoli Network Manager \u003c 4.2.0-TIV-ITNMIP-Linux-FP0015", "product_id": "T023763", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0-tiv-itnmip-linux-fp0015" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager \u003c 4.2.0-TIV-ITNMIP-zLinux-FP0015", "product": { "name": "IBM Tivoli Network Manager \u003c 4.2.0-TIV-ITNMIP-zLinux-FP0015", "product_id": "T023764", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0-tiv-itnmip-zlinux-fp0015" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager \u003c 4.2.0-TIV-ITNMIP-AIX-FP0015", "product": { "name": "IBM Tivoli Network Manager \u003c 4.2.0-TIV-ITNMIP-AIX-FP0015", "product_id": "T023765", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0-tiv-itnmip-aix-fp0015" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager 4.2.0", "product": { "name": "IBM Tivoli Network Manager 4.2.0", "product_id": "T025751", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0" } } } ], "category": "product_name", "name": "Tivoli Network Manager" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in IBM Tivoli Network Manager. Der Fehler besteht in der Komponente FasterXML Jackson Databind aufgrund einer schw\u00e4cheren als der erwarteten Sicherheit, die dadurch entsteht, dass die Entit\u00e4tserweiterung nicht richtig abgesichert ist. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um XML External Entity (XXE) Angriffe zu starten und die Datenintegrit\u00e4t zu beeinflussen." } ], "product_status": { "known_affected": [ "T025751" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2021-28169", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in IBM Tivoli Network Manager. Der Fehler besteht in der Komponente Eclipse Jetty aufgrund eines Fehlers im ConcatServlet. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er eine speziell gestaltete Anfrage mit einem doppelt verschl\u00fcsselten Pfad sendet, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T025751" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-28169" } ] }
wid-sec-w-2024-0090
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Software Collections ausnutzen, um die Integrit\u00e4t zu gef\u00e4hrden", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0090 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2024-0090.json" }, { "category": "self", "summary": "WID-SEC-2024-0090 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0090" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4312 vom 2020-10-22", "url": "https://access.redhat.com/errata/RHSA-2020:4312" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4402 vom 2020-10-28", "url": "https://access.redhat.com/errata/RHSA-2020:4402" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4401 vom 2020-10-28", "url": "https://access.redhat.com/errata/RHSA-2020:4401" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4379 vom 2020-11-09", "url": "https://access.redhat.com/errata/RHSA-2020:4379" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5342 vom 2020-12-03", "url": "https://access.redhat.com/errata/RHSA-2020:5342" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5344 vom 2020-12-03", "url": "https://access.redhat.com/errata/RHSA-2020:5344" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5341 vom 2020-12-03", "url": "https://access.redhat.com/errata/RHSA-2020:5341" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5340 vom 2020-12-03", "url": "https://access.redhat.com/errata/RHSA-2020:5340" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5410 vom 2020-12-14", "url": "https://access.redhat.com/errata/RHSA-2020:5410" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5533 vom 2020-12-15", "url": "https://access.redhat.com/errata/RHSA-2020:5533" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:5361 vom 2020-12-16", "url": "https://access.redhat.com/errata/RHSA-2020:5361" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:0243-1 vom 2021-01-29", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008253.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0381 vom 2021-02-02", "url": "https://access.redhat.com/errata/RHSA-2021:0381" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-111 vom 2021-02-19", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-111/index.html" }, { "category": "external", "summary": "RedHat Security Advisory", "url": "https://access.redhat.com/errata/RHSA-2021:0811" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:0811 vom 2021-03-11", "url": "https://access.redhat.com/errata/RHSA-2021:0811" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1260 vom 2021-04-19", "url": "https://access.redhat.com/errata/RHSA-2021:1260" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1429 vom 2021-05-05", "url": "https://access.redhat.com/errata/RHSA-2021:1429" }, { "category": "external", "summary": "HCL Security Bulletin", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0089838" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2039 vom 2021-05-19", "url": "https://access.redhat.com/errata/RHSA-2021:2039" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2476 vom 2021-06-17", "url": "https://access.redhat.com/errata/RHSA-2021:2476" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2475 vom 2021-06-17", "url": "https://access.redhat.com/errata/RHSA-2021:2475" }, { "category": "external", "summary": "Jira Software Data Center", "url": "https://jira.atlassian.com/browse/JSWSERVER-25461" } ], "source_lang": "en-US", "title": "Red Hat Software Collections: Schwachstelle erm\u00f6glicht XXE", "tracking": { "current_release_date": "2024-01-15T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:29.582+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0090", "initial_release_date": "2020-10-22T22:00:00.000+00:00", "revision_history": [ { "date": "2020-10-22T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2020-10-28T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-11-09T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-12-03T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-12-14T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-12-15T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-01-31T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-02-01T23:00:00.000+00:00", "number": "8", "summary": "Referenz(en) aufgenommen: FEDORA-2021-1D8254899C" }, { "date": "2021-02-02T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-02-21T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2021-03-11T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-04-19T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-05-04T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-05-10T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2021-05-18T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-06-17T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-15T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Atlassian aufgenommen" } ], "status": "final", "version": "17" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Atlassian Jira Software \u003c 9.4.13", "product": { "name": "Atlassian Jira Software \u003c 9.4.13", "product_id": "T031606", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.4.13" } } }, { "category": "product_name", "name": "Atlassian Jira Software \u003c 9.7.0", "product": { "name": "Atlassian Jira Software \u003c 9.7.0", "product_id": "T032055", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.7.0" } } } ], "category": "product_name", "name": "Jira Software" } ], "category": "vendor", "name": "Atlassian" }, { "branches": [ { "category": "product_name", "name": "HCL Commerce", "product": { "name": "HCL Commerce", "product_id": "T019293", "product_identification_helper": { "cpe": "cpe:/a:hcltechsw:commerce:-" } } } ], "category": "vendor", "name": "HCL" }, { "branches": [ { "category": "product_name", "name": "Hitachi Ops Center", "product": { "name": "Hitachi Ops Center", "product_id": "T017562", "product_identification_helper": { "cpe": "cpe:/a:hitachi:ops_center:-" } } } ], "category": "vendor", "name": "Hitachi" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "Es existiert eine nicht n\u00e4her beschriebene Schwachstelle in Red Hat Software Collections. Dabei handelt es sich um eine XML External Entity (XXE) Schwachstelle in rh-maven35-jackson-databind. Ein entfernter anonymer Angreifer kann das ausnutzen, um die Integrit\u00e4t zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T002207", "67646", "T019293", "T031606", "T017562", "T032055" ] }, "release_date": "2020-10-22T22:00:00Z", "title": "CVE-2020-25649" } ] }
wid-sec-w-2023-1012
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Insurance Applications ist eine Produktfamilie mit L\u00f6sungen f\u00fcr die Versicherungsbranche.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Insurance Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1012 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1012.json" }, { "category": "self", "summary": "WID-SEC-2023-1012 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1012" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Insurance Applications vom 2023-04-18", "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixINSU" } ], "source_lang": "en-US", "title": "Oracle Insurance Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-04-18T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:24:28.338+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1012", "initial_release_date": "2023-04-18T22:00:00.000+00:00", "revision_history": [ { "date": "2023-04-18T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Insurance Applications 12.6.0.0.0", "product": { "name": "Oracle Insurance Applications 12.6.0.0.0", "product_id": "T027384", "product_identification_helper": { "cpe": "cpe:/a:oracle:insurance_applications:12.6.0.0.0" } } }, { "category": "product_name", "name": "Oracle Insurance Applications \u003c= 12.6.4.0.0", "product": { "name": "Oracle Insurance Applications \u003c= 12.6.4.0.0", "product_id": "T027385", "product_identification_helper": { "cpe": "cpe:/a:oracle:insurance_applications:12.6.4.0.0" } } }, { "category": "product_name", "name": "Oracle Insurance Applications 12.7.0.0.0", "product": { "name": "Oracle Insurance Applications 12.7.0.0.0", "product_id": "T027386", "product_identification_helper": { "cpe": "cpe:/a:oracle:insurance_applications:12.7.0.0.0" } } }, { "category": "product_name", "name": "Oracle Insurance Applications 12.7.1.0.0", "product": { "name": "Oracle Insurance Applications 12.7.1.0.0", "product_id": "T027387", "product_identification_helper": { "cpe": "cpe:/a:oracle:insurance_applications:12.7.1.0.0" } } }, { "category": "product_name", "name": "Oracle Insurance Applications 1.0.1.8", "product": { "name": "Oracle Insurance Applications 1.0.1.8", "product_id": "T027388", "product_identification_helper": { "cpe": "cpe:/a:oracle:insurance_applications:1.0.1.8" } } } ], "category": "product_name", "name": "Insurance Applications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-27404", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-27404" }, { "cve": "CVE-2022-22965", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-22965" }, { "cve": "CVE-2021-35043", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-35043" }, { "cve": "CVE-2020-35168", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2020-35168" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-11987", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2020-11987" }, { "cve": "CVE-2019-10086", "notes": [ { "category": "description", "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T027384", "T027388", "T027386", "T027387" ], "last_affected": [ "T027385" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2019-10086" } ] }
wid-sec-w-2024-0794
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Dell ECS ist ein Objektspeichersystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0794 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json" }, { "category": "self", "summary": "WID-SEC-2024-0794 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-141 vom 2024-04-04", "url": "https://www.dell.com/support/kbdoc/000223839/dsa-2024-=" } ], "source_lang": "en-US", "title": "Dell ECS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-04T22:00:00.000+00:00", "generator": { "date": "2024-04-05T09:37:24.604+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0794", "initial_release_date": "2024-04-04T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-04T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 3.8.1.0", "product": { "name": "Dell ECS \u003c 3.8.1.0", "product_id": "T033919", "product_identification_helper": { "cpe": "cpe:/h:dell:ecs:3.8.1.0" } } } ], "category": "product_name", "name": "ECS" } ], "category": "vendor", "name": "Dell" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-18074", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2018-18074" }, { "cve": "CVE-2020-10663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10663" }, { "cve": "CVE-2020-10672", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10672" }, { "cve": "CVE-2020-10673", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10673" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10735" }, { "cve": "CVE-2020-10968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10968" }, { "cve": "CVE-2020-10969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10969" }, { "cve": "CVE-2020-11111", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11111" }, { "cve": "CVE-2020-11112", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11112" }, { "cve": "CVE-2020-11113", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11113" }, { "cve": "CVE-2020-11612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11612" }, { "cve": "CVE-2020-11619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11619" }, { "cve": "CVE-2020-11620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11620" }, { "cve": "CVE-2020-11979", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11979" }, { "cve": "CVE-2020-12762", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12762" }, { "cve": "CVE-2020-12825", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12825" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-13956" }, { "cve": "CVE-2020-14060", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14060" }, { "cve": "CVE-2020-14061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14061" }, { "cve": "CVE-2020-14062", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14062" }, { "cve": "CVE-2020-14195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14195" }, { "cve": "CVE-2020-15250", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-15250" }, { "cve": "CVE-2020-1945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1945" }, { "cve": "CVE-2020-1967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1967" }, { "cve": "CVE-2020-1971", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1971" }, { "cve": "CVE-2020-24616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24616" }, { "cve": "CVE-2020-24750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24750" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-25658", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25658" }, { "cve": "CVE-2020-26116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26116" }, { "cve": "CVE-2020-26137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26137" }, { "cve": "CVE-2020-26541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26541" }, { "cve": "CVE-2020-27216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27216" }, { "cve": "CVE-2020-27218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27218" }, { "cve": "CVE-2020-27223", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27223" }, { "cve": "CVE-2020-28366", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28366" }, { "cve": "CVE-2020-28493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28493" }, { "cve": "CVE-2020-29509", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29509" }, { "cve": "CVE-2020-29511", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29511" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-29651", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29651" }, { "cve": "CVE-2020-35490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35490" }, { "cve": "CVE-2020-35491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35491" }, { "cve": "CVE-2020-35728", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35728" }, { "cve": "CVE-2020-36179", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36179" }, { "cve": "CVE-2020-36180", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36180" }, { "cve": "CVE-2020-36181", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36181" }, { "cve": "CVE-2020-36182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36182" }, { "cve": "CVE-2020-36183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36183" }, { "cve": "CVE-2020-36184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36184" }, { "cve": "CVE-2020-36185", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36185" }, { "cve": "CVE-2020-36186", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36186" }, { "cve": "CVE-2020-36187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36187" }, { "cve": "CVE-2020-36188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36188" }, { "cve": "CVE-2020-36189", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36189" }, { "cve": "CVE-2020-36516", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36516" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-36557", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36557" }, { "cve": "CVE-2020-36558", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36558" }, { "cve": "CVE-2020-36691", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36691" }, { "cve": "CVE-2020-7238", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-7238" }, { "cve": "CVE-2020-8840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8840" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2020-8911", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8911" }, { "cve": "CVE-2020-8912", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8912" }, { "cve": "CVE-2020-9488", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9488" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-9546", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9546" }, { "cve": "CVE-2020-9547", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9547" }, { "cve": "CVE-2020-9548", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9548" }, { "cve": "CVE-2021-20190", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20190" }, { "cve": "CVE-2021-20323", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20323" }, { "cve": "CVE-2021-21290", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21290" }, { "cve": "CVE-2021-21295", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21295" }, { "cve": "CVE-2021-21409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21409" }, { "cve": "CVE-2021-23840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23840" }, { "cve": "CVE-2021-23841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23841" }, { "cve": "CVE-2021-2471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-2471" }, { "cve": "CVE-2021-25642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-25642" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-28153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28153" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28165" }, { "cve": "CVE-2021-28169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28169" }, { "cve": "CVE-2021-28861", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28861" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-30560", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-30560" }, { "cve": "CVE-2021-3114", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3114" }, { "cve": "CVE-2021-33036", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33036" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33503" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3424" }, { "cve": "CVE-2021-34428", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-34428" }, { "cve": "CVE-2021-3449", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3450" }, { "cve": "CVE-2021-3530", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3530" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36373" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-3648", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3648" }, { "cve": "CVE-2021-36690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36690" }, { "cve": "CVE-2021-3711", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3711" }, { "cve": "CVE-2021-3712", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3712" }, { "cve": "CVE-2021-37136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37136" }, { "cve": "CVE-2021-37137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37137" }, { "cve": "CVE-2021-37404", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37404" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-3754", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3754" }, { "cve": "CVE-2021-3778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3778" }, { "cve": "CVE-2021-3796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3796" }, { "cve": "CVE-2021-3826", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3826" }, { "cve": "CVE-2021-3827", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3827" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-3872", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3872" }, { "cve": "CVE-2021-3875", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3875" }, { "cve": "CVE-2021-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3903" }, { "cve": "CVE-2021-3923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3923" }, { "cve": "CVE-2021-3927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3927" }, { "cve": "CVE-2021-3928", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3928" }, { "cve": "CVE-2021-3968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3968" }, { "cve": "CVE-2021-3973", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3973" }, { "cve": "CVE-2021-3974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3974" }, { "cve": "CVE-2021-3984", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3984" }, { "cve": "CVE-2021-4019", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4019" }, { "cve": "CVE-2021-4037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4037" }, { "cve": "CVE-2021-4069", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4069" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4104" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4136" }, { "cve": "CVE-2021-4157", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4157" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4203", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4203" }, { "cve": "CVE-2021-42567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-42567" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-43797" }, { "cve": "CVE-2021-44531", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44531" }, { "cve": "CVE-2021-44532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44532" }, { "cve": "CVE-2021-44533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44533" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44878", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44878" }, { "cve": "CVE-2021-45078", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-45078" }, { "cve": "CVE-2021-46195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46195" }, { "cve": "CVE-2021-46828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46828" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0128" }, { "cve": "CVE-2022-0213", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0213" }, { "cve": "CVE-2022-0225", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0225" }, { "cve": "CVE-2022-0261", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0261" }, { "cve": "CVE-2022-0318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0318" }, { "cve": "CVE-2022-0319", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0319" }, { "cve": "CVE-2022-0351", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0351" }, { "cve": "CVE-2022-0359", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0359" }, { "cve": "CVE-2022-0361", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0361" }, { "cve": "CVE-2022-0392", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0392" }, { "cve": "CVE-2022-0407", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0407" }, { "cve": "CVE-2022-0413", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0413" }, { "cve": "CVE-2022-0561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0561" }, { "cve": "CVE-2022-0696", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0696" }, { "cve": "CVE-2022-0778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0778" }, { "cve": "CVE-2022-1184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1184" }, { "cve": "CVE-2022-1245", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1245" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-1292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1292" }, { "cve": "CVE-2022-1381", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1381" }, { "cve": "CVE-2022-1420", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1420" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-1466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1466" }, { "cve": "CVE-2022-1471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1471" }, { "cve": "CVE-2022-1586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1586" }, { "cve": "CVE-2022-1587", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1587" }, { "cve": "CVE-2022-1616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1616" }, { "cve": "CVE-2022-1619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1619" }, { "cve": "CVE-2022-1620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1620" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1720", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1720" }, { "cve": "CVE-2022-1729", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1729" }, { "cve": "CVE-2022-1733", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1733" }, { "cve": "CVE-2022-1735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1735" }, { "cve": "CVE-2022-1771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1771" }, { "cve": "CVE-2022-1785", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1785" }, { "cve": "CVE-2022-1796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1796" }, { "cve": "CVE-2022-1851", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1851" }, { "cve": "CVE-2022-1897", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1897" }, { "cve": "CVE-2022-1898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1898" }, { "cve": "CVE-2022-1927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1927" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1968" }, { "cve": "CVE-2022-1974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1974" }, { "cve": "CVE-2022-1975", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1975" }, { "cve": "CVE-2022-20132", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20132" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-20154", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20154" }, { "cve": "CVE-2022-20166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20166" }, { "cve": "CVE-2022-20368", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20368" }, { "cve": "CVE-2022-20369", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20369" }, { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2022-2048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2048" }, { "cve": "CVE-2022-20567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20567" }, { "cve": "CVE-2022-2068", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2068" }, { "cve": "CVE-2022-2097", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2097" }, { "cve": "CVE-2022-21216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21216" }, { "cve": "CVE-2022-21233", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21233" }, { "cve": "CVE-2022-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2124" }, { "cve": "CVE-2022-2125", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2125" }, { "cve": "CVE-2022-2126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2126" }, { "cve": "CVE-2022-2129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2129" }, { "cve": "CVE-2022-21363", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21363" }, { "cve": "CVE-2022-21385", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21385" }, { "cve": "CVE-2022-21499", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21499" }, { "cve": "CVE-2022-2153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2153" }, { "cve": "CVE-2022-21540", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21540" }, { "cve": "CVE-2022-21541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21541" }, { "cve": "CVE-2022-21549", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21549" }, { "cve": "CVE-2022-21618", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21618" }, { "cve": "CVE-2022-21619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21619" }, { "cve": "CVE-2022-21624", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21624" }, { "cve": "CVE-2022-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21626" }, { "cve": "CVE-2022-21628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21628" }, { "cve": "CVE-2022-21702", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21702" }, { "cve": "CVE-2022-2175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2175" }, { "cve": "CVE-2022-2182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2182" }, { "cve": "CVE-2022-2183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2183" }, { "cve": "CVE-2022-2206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2206" }, { "cve": "CVE-2022-2207", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2207" }, { "cve": "CVE-2022-2208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2208" }, { "cve": "CVE-2022-2210", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2210" }, { "cve": "CVE-2022-2231", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2231" }, { "cve": "CVE-2022-2256", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2256" }, { "cve": "CVE-2022-2257", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2257" }, { "cve": "CVE-2022-2264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2264" }, { "cve": "CVE-2022-2284", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2284" }, { "cve": "CVE-2022-2285", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2285" }, { "cve": "CVE-2022-2286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2286" }, { "cve": "CVE-2022-2287", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2287" }, { "cve": "CVE-2022-22976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22976" }, { "cve": "CVE-2022-22978", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22978" }, { "cve": "CVE-2022-2304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2304" }, { "cve": "CVE-2022-2318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2318" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-2343", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2343" }, { "cve": "CVE-2022-2344", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2344" }, { "cve": "CVE-2022-2345", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2345" }, { "cve": "CVE-2022-23471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23471" }, { "cve": "CVE-2022-23521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23521" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-24302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24302" }, { "cve": "CVE-2022-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24329" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-2503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2503" }, { "cve": "CVE-2022-25147", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25147" }, { "cve": "CVE-2022-25168", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25168" }, { "cve": "CVE-2022-2519", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2519" }, { "cve": "CVE-2022-2520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2520" }, { "cve": "CVE-2022-2521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2521" }, { "cve": "CVE-2022-2522", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2522" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2022-2571", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2571" }, { "cve": "CVE-2022-2580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2580" }, { "cve": "CVE-2022-2581", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2581" }, { "cve": "CVE-2022-25857", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25857" }, { "cve": "CVE-2022-2588", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2588" }, { "cve": "CVE-2022-2598", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2598" }, { "cve": "CVE-2022-26148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26148" }, { "cve": "CVE-2022-26365", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26365" }, { "cve": "CVE-2022-26373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26373" }, { "cve": "CVE-2022-2639", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2639" }, { "cve": "CVE-2022-26612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26612" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-27943", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27943" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-2816", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2816" }, { "cve": "CVE-2022-2817", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2817" }, { "cve": "CVE-2022-2819", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2819" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2845", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2845" }, { "cve": "CVE-2022-2849", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2849" }, { "cve": "CVE-2022-2862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2862" }, { "cve": "CVE-2022-2867", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2867" }, { "cve": "CVE-2022-2868", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2868" }, { "cve": "CVE-2022-2869", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2869" }, { "cve": "CVE-2022-28693", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28693" }, { "cve": "CVE-2022-2874", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2874" }, { "cve": "CVE-2022-28748", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28748" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2889" }, { "cve": "CVE-2022-29162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29162" }, { "cve": "CVE-2022-29187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29187" }, { "cve": "CVE-2022-2923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2923" }, { "cve": "CVE-2022-2946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2946" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29583", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29583" }, { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2977", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2977" }, { "cve": "CVE-2022-2980", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2980" }, { "cve": "CVE-2022-2982", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2982" }, { "cve": "CVE-2022-29900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29900" }, { "cve": "CVE-2022-29901", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29901" }, { "cve": "CVE-2022-2991", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2991" }, { "cve": "CVE-2022-3016", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3016" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3028" }, { "cve": "CVE-2022-3037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3037" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-3099", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3099" }, { "cve": "CVE-2022-31030", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31030" }, { "cve": "CVE-2022-31159", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31159" }, { "cve": "CVE-2022-3134", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3134" }, { "cve": "CVE-2022-3153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3153" }, { "cve": "CVE-2022-3169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3169" }, { "cve": "CVE-2022-31690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31690" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-3234", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3234" }, { "cve": "CVE-2022-3235", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3235" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-3278", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3278" }, { "cve": "CVE-2022-3296", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3296" }, { "cve": "CVE-2022-3297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3297" }, { "cve": "CVE-2022-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33196" }, { "cve": "CVE-2022-3324", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3324" }, { "cve": "CVE-2022-3352", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3352" }, { "cve": "CVE-2022-33740", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33740" }, { "cve": "CVE-2022-33741", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33741" }, { "cve": "CVE-2022-33742", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33742" }, { "cve": "CVE-2022-33972", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33972" }, { "cve": "CVE-2022-33981", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33981" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3424" }, { "cve": "CVE-2022-34266", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34266" }, { "cve": "CVE-2022-34526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34526" }, { "cve": "CVE-2022-34903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34903" }, { "cve": "CVE-2022-3491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3491" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3520" }, { "cve": "CVE-2022-3521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3521" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3542", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3542" }, { "cve": "CVE-2022-3545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3545" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3565", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3565" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-3586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3586" }, { "cve": "CVE-2022-3591", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3591" }, { "cve": "CVE-2022-3594", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3594" }, { "cve": "CVE-2022-3597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3597" }, { "cve": "CVE-2022-3599", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3599" }, { "cve": "CVE-2022-36109", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36109" }, { "cve": "CVE-2022-3621", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3621" }, { "cve": "CVE-2022-3626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3626" }, { "cve": "CVE-2022-3627", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3627" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-36280", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36280" }, { "cve": "CVE-2022-3629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3629" }, { "cve": "CVE-2022-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3635" }, { "cve": "CVE-2022-3643", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3643" }, { "cve": "CVE-2022-36437", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36437" }, { "cve": "CVE-2022-3646", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3646" }, { "cve": "CVE-2022-3649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3649" }, { "cve": "CVE-2022-36760", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36760" }, { "cve": "CVE-2022-36879", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36879" }, { "cve": "CVE-2022-36946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36946" }, { "cve": "CVE-2022-3705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3705" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-37865", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37865" }, { "cve": "CVE-2022-37866", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37866" }, { "cve": "CVE-2022-38090", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38090" }, { "cve": "CVE-2022-38096", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38096" }, { "cve": "CVE-2022-38126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38126" }, { "cve": "CVE-2022-38127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38127" }, { "cve": "CVE-2022-38177", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38177" }, { "cve": "CVE-2022-38178", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38178" }, { "cve": "CVE-2022-3821", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3821" }, { "cve": "CVE-2022-38533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38533" }, { "cve": "CVE-2022-38749", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38749" }, { "cve": "CVE-2022-38750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38750" }, { "cve": "CVE-2022-38751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38751" }, { "cve": "CVE-2022-38752", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38752" }, { "cve": "CVE-2022-39028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39028" }, { "cve": "CVE-2022-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3903" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-39399", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39399" }, { "cve": "CVE-2022-3970", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3970" }, { "cve": "CVE-2022-40149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40149" }, { "cve": "CVE-2022-40150", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40150" }, { "cve": "CVE-2022-40151", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40151" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40153" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40307" }, { "cve": "CVE-2022-40674", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40674" }, { "cve": "CVE-2022-40768", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40768" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-4095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4095" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-4141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4141" }, { "cve": "CVE-2022-41717", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41717" }, { "cve": "CVE-2022-41721", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41721" }, { "cve": "CVE-2022-41848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41848" }, { "cve": "CVE-2022-41850", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41850" }, { "cve": "CVE-2022-41854", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41854" }, { "cve": "CVE-2022-41858", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41858" }, { "cve": "CVE-2022-41881", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41881" }, { "cve": "CVE-2022-41903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41903" }, { "cve": "CVE-2022-41915", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41915" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42328" }, { "cve": "CVE-2022-42329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42329" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42895", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42895" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-4292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4292" }, { "cve": "CVE-2022-4293", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4293" }, { "cve": "CVE-2022-42969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42969" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-43995", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43995" }, { "cve": "CVE-2022-4415", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4415" }, { "cve": "CVE-2022-4450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4450" }, { "cve": "CVE-2022-44638", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-44638" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-45884", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45884" }, { "cve": "CVE-2022-45885", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45885" }, { "cve": "CVE-2022-45886", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45886" }, { "cve": "CVE-2022-45887", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45887" }, { "cve": "CVE-2022-45919", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45919" }, { "cve": "CVE-2022-45934", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45934" }, { "cve": "CVE-2022-45939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45939" }, { "cve": "CVE-2022-4662", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4662" }, { "cve": "CVE-2022-46751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46751" }, { "cve": "CVE-2022-46908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46908" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-48281", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48281" }, { "cve": "CVE-2022-48337", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48337" }, { "cve": "CVE-2022-48339", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48339" }, { "cve": "CVE-2023-0045", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0045" }, { "cve": "CVE-2023-0049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0049" }, { "cve": "CVE-2023-0051", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0051" }, { "cve": "CVE-2023-0054", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0054" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0288", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0288" }, { "cve": "CVE-2023-0433", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0433" }, { "cve": "CVE-2023-0464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0464" }, { "cve": "CVE-2023-0465", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0465" }, { "cve": "CVE-2023-0466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0466" }, { "cve": "CVE-2023-0512", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0512" }, { "cve": "CVE-2023-0590", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0590" }, { "cve": "CVE-2023-0597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0597" }, { "cve": "CVE-2023-0833", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0833" }, { "cve": "CVE-2023-1076", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1076" }, { "cve": "CVE-2023-1095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1095" }, { "cve": "CVE-2023-1118", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1118" }, { "cve": "CVE-2023-1127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1127" }, { "cve": "CVE-2023-1170", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1170" }, { "cve": "CVE-2023-1175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1175" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2023-1380", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1380" }, { "cve": "CVE-2023-1390", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1390" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1436" }, { "cve": "CVE-2023-1513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1513" }, { "cve": "CVE-2023-1611", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1611" }, { "cve": "CVE-2023-1670", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1670" }, { "cve": "CVE-2023-1855", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1855" }, { "cve": "CVE-2023-1989", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1989" }, { "cve": "CVE-2023-1990", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1990" }, { "cve": "CVE-2023-1998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1998" }, { "cve": "CVE-2023-20862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-20862" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-2162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2162" }, { "cve": "CVE-2023-2176", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2176" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-21835", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21835" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-22490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22490" }, { "cve": "CVE-2023-2253", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2253" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-23455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23455" }, { "cve": "CVE-2023-23559", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23559" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-23946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23946" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-24532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24532" }, { "cve": "CVE-2023-24534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24534" }, { "cve": "CVE-2023-2483", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2483" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-2513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2513" }, { "cve": "CVE-2023-25193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25193" }, { "cve": "CVE-2023-25652", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25652" }, { "cve": "CVE-2023-25690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25690" }, { "cve": "CVE-2023-25809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25809" }, { "cve": "CVE-2023-25815", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25815" }, { "cve": "CVE-2023-26048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26048" }, { "cve": "CVE-2023-26049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26049" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26545" }, { "cve": "CVE-2023-26604", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26604" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-27561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27561" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-28320", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28320" }, { "cve": "CVE-2023-28321", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28321" }, { "cve": "CVE-2023-28322", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28322" }, { "cve": "CVE-2023-28328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28328" }, { "cve": "CVE-2023-28464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28464" }, { "cve": "CVE-2023-28486", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28486" }, { "cve": "CVE-2023-28487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28487" }, { "cve": "CVE-2023-28642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28642" }, { "cve": "CVE-2023-28772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28772" }, { "cve": "CVE-2023-28840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28840" }, { "cve": "CVE-2023-28841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28841" }, { "cve": "CVE-2023-28842", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28842" }, { "cve": "CVE-2023-29007", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29007" }, { "cve": "CVE-2023-29383", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29383" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29406", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29406" }, { "cve": "CVE-2023-29409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29409" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30630" }, { "cve": "CVE-2023-30772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30772" }, { "cve": "CVE-2023-31084", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31084" }, { "cve": "CVE-2023-3138", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3138" }, { "cve": "CVE-2023-31436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31436" }, { "cve": "CVE-2023-31484", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31484" }, { "cve": "CVE-2023-32269", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32269" }, { "cve": "CVE-2023-32697", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32697" }, { "cve": "CVE-2023-33264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-33264" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-34035", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34035" }, { "cve": "CVE-2023-34453", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34453" }, { "cve": "CVE-2023-34454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34454" }, { "cve": "CVE-2023-34455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34455" }, { "cve": "CVE-2023-34462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34462" }, { "cve": "CVE-2023-35116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-35116" }, { "cve": "CVE-2023-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3635" }, { "cve": "CVE-2023-36479", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-36479" }, { "cve": "CVE-2023-39533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-39533" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-40217", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40217" }, { "cve": "CVE-2023-41105", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41105" }, { "cve": "CVE-2023-41900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41900" }, { "cve": "CVE-2023-43642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43642" }, { "cve": "CVE-2023-43804", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43804" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45803", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-45803" }, { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2024-21626" } ] }
var-202012-1529
Vulnerability from variot
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
Security Fix(es):
-
xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988)
-
xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)
-
xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)
-
xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)
-
xstream: ReDoS vulnerability (CVE-2021-21348)
-
xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)
-
xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)
-
xstream: SSRF via crafted input stream (CVE-2021-21342)
-
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)
-
xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346)
-
xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345)
-
xstream: arbitrary code execution via crafted input stream (CVE-2021-21344)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
The References section of this erratum contains a download link (you must log in to download the update). See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1427
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update Advisory ID: RHSA-2020:5342-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:5342 Issue date: 2020-12-03 CVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)
-
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)
-
wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20029 - GSS Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016 JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat JBEAP-20119 - GSS Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001 JBEAP-20161 - GSS Upgrade XNIO from 3.7.9.Final to 3.7.11.Final JBEAP-20223 - Tracker bug for the EAP 7.3.4 release for RHEL-8 JBEAP-20239 - GSS Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final JBEAP-20246 - GSS Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final JBEAP-20285 - GSS Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002 JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007 JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final
- Package List:
Red Hat JBoss EAP 7.3 for BaseOS-8:
Source: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.src.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.src.rpm eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.src.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.src.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.noarch.rpm eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.noarch.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.noarch.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-marshalling-river-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-25649 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX8k7Y9zjgjWX9erEAQgaMA/8D6uRPrTX/XmXtkeZw9Y9yMoLHIYpl083 iv71vIyCkmQXHFmsYidw0jI6euRhHmihMY5DMyci3zAHqa7KbX1pqQsXWPIvWVnv ykpkGtPGUoqlJU7FDZq00Vk+/bykOEIcAmBJJCoNuLAS09gub2l2UPD3QGC1cZfa 7ziYlGTufSOYN6RInoSGiOgqUpYQzF35oZT2Vwc5b92ZGx6rj08vrCGNmF9SXRYc +yy1IIVGMdYe/1IEcpq936F8AKxJYiqyhsLP4orkt1GxC5P8RGnGvUoIwZmrDq06 xBPP44WmbAmFu8t3hcBUBs+ewzAc9swmy7ZKu8yuJfmxcDlyz/pVpPg8tLfCZRbg XRekSfvEzRw6lidGv5vMqUUoRxJd5LicaWSW93jus01UahLVMTGyPMAVHcdeP1P7 n29R5ZNWk5e9cWCmTL10T3+6Rf4brnbUf09mCsgSwSsuejCoxdD0JLaC0z953cqC ga5z8xSYtXmQdhOKZIhQ17el2Prdw82Vw11dNFvN3AsQMu3exSOp+MAhh9bs5/Ba HcvSdryXIkEy/3atBUZxoDZu6ZJRHB0yWuk3CsvoW3lJuBGhVS1Wah+9g8Lq0H5y QkpRwaCU+SxNXG+VAq59ZP8jKyl87mMzRQ4w0touglb/YqSZfp2dpAqC5t8zPfeO B8NkNn8eYYs=+qXq -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
You must restart the JBoss server process for the update to take effect
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1529", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "banking apis", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "agile product lifecycle management integration pack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.10.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.10.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.5.0" }, { "model": "banking apis", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "iotdb", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "0.12.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.4" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "oncommand api services", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.1" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "quarkus", "scope": "lte", "trust": 1.0, "vendor": "quarkus", "version": "1.6.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.10.5.1" }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.7" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.8.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "hitachi ops center analyzer viewpoint", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "oncommand workflow automation", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "oncommand api services", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "quarkus", "scope": null, "trust": 0.8, "vendor": "quarkus", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.10.5.1", "versionStartIncluding": "2.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.7", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.4", "versionStartIncluding": "2.6.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.3", "versionStartIncluding": "18.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-25649" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" } ], "trust": 0.7 }, "cve": "CVE-2020-25649", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-25649", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-179648", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-25649", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-25649", "trust": 1.8, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-179648", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-25649", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only\nerrata is to inform you about the security issues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* xmlgraphics-commons: SSRF due to improper input validation by the\nXMPParser (CVE-2020-11988)\n\n* xstream: allow a remote attacker to cause DoS only by manipulating the\nprocessed input stream (CVE-2021-21341)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21351)\n\n* xstream: arbitrary file deletion on the local host via crafted input\nstream (CVE-2021-21343)\n\n* xstream: arbitrary file deletion on the local host when unmarshalling\n(CVE-2020-26259)\n\n* xstream: ReDoS vulnerability (CVE-2021-21348)\n\n* xstream: Server-Side Forgery Request vulnerability can be activated when\nunmarshalling (CVE-2020-26258)\n\n* xstream: SSRF can be activated unmarshalling with XStream to access data\nstreams from an arbitrary URL referencing a resource in an intranet or the\nlocal host (CVE-2021-21349)\n\n* xstream: SSRF via crafted input stream (CVE-2021-21342)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* xstream: allow a remote attacker to execute arbitrary code only by\nmanipulating the processed input stream (CVE-2021-21350)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21347)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21346)\n\n* xstream: allow a remote attacker who has sufficient rights to execute\ncommands of the host only by manipulating the processed input stream\n(CVE-2021-21345)\n\n* xstream: arbitrary code execution via crafted input stream\n(CVE-2021-21344)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling\n1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser\n1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream\n1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream\n1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream\n1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet\n1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry\n1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue\n1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator\n1942633 - CVE-2021-21348 XStream: ReDoS vulnerability\n1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host\n1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader\n1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream\n\n5. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1427\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\n\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update\nAdvisory ID: RHSA-2020:5342-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5342\nIssue date: 2020-12-03\nCVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8 - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external entity (CVE-2020-25649)\n\n* hibernate-core: SQL injection vulnerability when both\nhibernate.use_sql_comments and JPQL String literals are used\n(CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n(CVE-2020-25644)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016\nJBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat\nJBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001\nJBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final\nJBEAP-20223 - Tracker bug for the EAP 7.3.4 release for RHEL-8\nJBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final\nJBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final\nJBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final\nJBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002\nJBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile\nJBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007\nJBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8:\n\nSource:\neap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.src.rpm\neap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.src.rpm\neap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.src.rpm\neap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.src.rpm\neap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.src.rpm\neap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.noarch.rpm\neap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.noarch.rpm\neap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-marshalling-river-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-25638\nhttps://access.redhat.com/security/cve/CVE-2020-25644\nhttps://access.redhat.com/security/cve/CVE-2020-25649\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX8k7Y9zjgjWX9erEAQgaMA/8D6uRPrTX/XmXtkeZw9Y9yMoLHIYpl083\niv71vIyCkmQXHFmsYidw0jI6euRhHmihMY5DMyci3zAHqa7KbX1pqQsXWPIvWVnv\nykpkGtPGUoqlJU7FDZq00Vk+/bykOEIcAmBJJCoNuLAS09gub2l2UPD3QGC1cZfa\n7ziYlGTufSOYN6RInoSGiOgqUpYQzF35oZT2Vwc5b92ZGx6rj08vrCGNmF9SXRYc\n+yy1IIVGMdYe/1IEcpq936F8AKxJYiqyhsLP4orkt1GxC5P8RGnGvUoIwZmrDq06\nxBPP44WmbAmFu8t3hcBUBs+ewzAc9swmy7ZKu8yuJfmxcDlyz/pVpPg8tLfCZRbg\nXRekSfvEzRw6lidGv5vMqUUoRxJd5LicaWSW93jus01UahLVMTGyPMAVHcdeP1P7\nn29R5ZNWk5e9cWCmTL10T3+6Rf4brnbUf09mCsgSwSsuejCoxdD0JLaC0z953cqC\nga5z8xSYtXmQdhOKZIhQ17el2Prdw82Vw11dNFvN3AsQMu3exSOp+MAhh9bs5/Ba\nHcvSdryXIkEy/3atBUZxoDZu6ZJRHB0yWuk3CsvoW3lJuBGhVS1Wah+9g8Lq0H5y\nQkpRwaCU+SxNXG+VAq59ZP8jKyl87mMzRQ4w0touglb/YqSZfp2dpAqC5t8zPfeO\nB8NkNn8eYYs=+qXq\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nYou must restart the JBoss server process for the update to take effect", "sources": [ { "db": "NVD", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-25649", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2020-014030", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160349", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "160346", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162478", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159973", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162696", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163201", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159767", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163205", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160347", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160489", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160348", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160554", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159680", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161261", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162240", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161766", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160535", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-202010-622", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-179648", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-25649", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "id": "VAR-202012-1529", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-179648" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:57:50.923000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-111", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2589" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204401 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205410 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204402 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Eclipse Vert.x 3.9.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204379 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204312 - security advisory" }, { "title": "Red Hat: Low: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210381 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205341 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205340 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205342 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205344 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205533 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.7.2 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205361 - security advisory" }, { "title": "IBM: Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5d8938176e857437de15675453ad2b9a" }, { "title": "IBM: Security Bulletin: A vulnerability have been identified in FasterXML Jackson Databind shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-25649)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e73bd45b3af488f816a21700b2fd0ee8" }, { "title": "IBM: Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=83af1574b941aa6afccbfb11a9d6dd60" }, { "title": "IBM: Security Bulletin: Vulnerabilities in FasterXML Jackson Databind and Apache Xerces affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0169ebe66d0191409c7149d7151593fb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-111" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "sbom-utility", "trust": 0.1, "url": "https://github.com/cyclonedx/sbom-utility " }, { "title": "Apache JMeter", "trust": 0.1, "url": "https://github.com/mosaic-hgw/jmeter " }, { "title": "", "trust": 0.1, "url": "https://github.com/pctf/vulnerable-app " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-611", "trust": 1.1 }, { "problemtype": "XML Improper restrictions on external entity references (CWE-611) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25649" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210108-0007/" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "trust": 1.1, "url": "https://github.com/fasterxml/jackson-databind/issues/2589" }, { "trust": 1.1, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3ccommits.turbine.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3cdev.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3ccommits.servicecomb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3creviews.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3cdev.knox.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3creviews.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3ccommits.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3cnotifications.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3creviews.iotdb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3cuser.spark.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3ccommits.tomee.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3cdev.knox.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cdev.kafka.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cusers.kafka.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.9, "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-25649" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25638" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-25638" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25644" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-25644" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3ccommits.servicecomb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3ccommits.druid.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3cissues.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3cissues.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3cdev.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3cissues.hive.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3ccommits.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3cnotifications.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3creviews.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3creviews.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3creviews.iotdb.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3cjira.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3cdev.knox.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3cdev.knox.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3cuser.spark.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3ccommits.tomee.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3ccommits.turbine.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040" }, { "trust": 0.1, "url": "https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2039" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21350" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2475" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21345" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21342" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21348" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21348" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21344" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11988" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21350" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21346" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21347" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26259" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5344" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4379" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=3.9.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1429" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5342" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4401" } ], "sources": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-179648" }, { "db": "VULMON", "id": "CVE-2020-25649" }, { "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "163201" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "159973" }, { "db": "PACKETSTORM", "id": "162478" }, { "db": "PACKETSTORM", "id": "160349" }, { "db": "PACKETSTORM", "id": "159767" }, { "db": "NVD", "id": "CVE-2020-25649" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-12-03T00:00:00", "db": "VULHUB", "id": "VHN-179648" }, { "date": "2020-12-03T00:00:00", "db": "VULMON", "id": "CVE-2020-25649" }, { "date": "2021-07-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "date": "2021-05-19T14:19:36", "db": "PACKETSTORM", "id": "162696" }, { "date": "2021-06-17T18:16:15", "db": "PACKETSTORM", "id": "163201" }, { "date": "2020-12-03T20:27:14", "db": "PACKETSTORM", "id": "160346" }, { "date": "2020-11-09T19:20:13", "db": "PACKETSTORM", "id": "159973" }, { "date": "2021-05-06T01:15:29", "db": "PACKETSTORM", "id": "162478" }, { "date": "2020-12-03T20:27:59", "db": "PACKETSTORM", "id": "160349" }, { "date": "2020-10-29T14:40:25", "db": "PACKETSTORM", "id": "159767" }, { "date": "2020-12-03T17:15:12.503000", "db": "NVD", "id": "CVE-2020-25649" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-02T00:00:00", "db": "VULHUB", "id": "VHN-179648" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-25649" }, { "date": "2021-07-20T04:50:00", "db": "JVNDB", "id": "JVNDB-2020-014030" }, { "date": "2023-11-07T03:20:18.977000", "db": "NVD", "id": "CVE-2020-25649" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "162696" }, { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "160349" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0Jackson\u00a0Databind\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-014030" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "sql injection, memory leak", "sources": [ { "db": "PACKETSTORM", "id": "160346" }, { "db": "PACKETSTORM", "id": "160349" } ], "trust": 0.2 } }
gsd-2020-25649
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2020-25649", "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GSD-2020-25649", "references": [ "https://www.suse.com/security/cve/CVE-2020-25649.html", "https://access.redhat.com/errata/RHSA-2021:2476", "https://access.redhat.com/errata/RHSA-2021:2475", "https://access.redhat.com/errata/RHSA-2021:2039", "https://access.redhat.com/errata/RHSA-2021:1429", "https://access.redhat.com/errata/RHSA-2021:1260", "https://access.redhat.com/errata/RHSA-2021:0811", "https://access.redhat.com/errata/RHSA-2021:0381", "https://access.redhat.com/errata/RHSA-2020:5533", "https://access.redhat.com/errata/RHSA-2020:5410", "https://access.redhat.com/errata/RHSA-2020:5361", "https://access.redhat.com/errata/RHSA-2020:5344", "https://access.redhat.com/errata/RHSA-2020:5342", "https://access.redhat.com/errata/RHSA-2020:5341", "https://access.redhat.com/errata/RHSA-2020:5340", "https://access.redhat.com/errata/RHSA-2020:4402", "https://access.redhat.com/errata/RHSA-2020:4401", "https://access.redhat.com/errata/RHSA-2020:4379", "https://access.redhat.com/errata/RHSA-2020:4312", "https://advisories.mageia.org/CVE-2020-25649.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-25649" ], "details": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GSD-2020-25649", "modified": "2023-12-13T01:21:57.047118Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25649", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "jackson-databind", "version": { "version_data": [ { "version_value": "jackson-databind-2.11.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-611" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "name": "https://github.com/FasterXML/jackson-databind/issues/2589", "refsource": "MISC", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" }, { "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E" }, { "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E" }, { "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E" }, { "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E" }, { "name": "FEDORA-2021-1d8254899c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E" }, { "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E" }, { "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E" }, { "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20210108-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210108-0007/" }, { "name": "[spark-user] 20210621 Re: CVEs", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[2.6.0,2.6.7.4),[2.9.0,2.9.10.7),[2.10.0,2.10.5.1)", "affected_versions": "All versions starting from 2.6.0 before 2.6.7.4, all versions starting from 2.9.0 before 2.9.10.7, all versions starting from 2.10.0 before 2.10.5.1", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-611", "CWE-937" ], "date": "2021-10-26", "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "fixed_versions": [ "2.6.7.4", "2.9.10.7", "2.10.5.1" ], "identifier": "CVE-2020-25649", "identifiers": [ "CVE-2020-25649" ], "not_impacted": "All versions before 2.6.0, all versions starting from 2.6.7.4 before 2.9.0, all versions starting from 2.9.10.7 before 2.10.0, all versions starting from 2.10.5.1", "package_slug": "maven/com.fasterxml.jackson.core/jackson-databind", "pubdate": "2020-12-03", "solution": "Upgrade to versions 2.6.7.4, 2.9.10.7, 2.10.5.1 or above.", "title": "Improper Restriction of XML External Entity Reference", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-25649", "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" ], "uuid": "b82624cc-392d-43db-ae9f-1a7b87e7c5c8" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.10.5.1", "versionStartIncluding": "2.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.7", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.4", "versionStartIncluding": "2.6.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.3", "versionStartIncluding": "18.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25649" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-611" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FasterXML/jackson-databind/issues/2589", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/FasterXML/jackson-databind/issues/2589" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664", "refsource": "MISC", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E" }, { "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20210108-0007/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0007/" }, { "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E" }, { "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E" }, { "name": "FEDORA-2021-1d8254899c", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E" }, { "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E" }, { "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E" }, { "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E" }, { "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)", "refsource": "MLIST", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E" }, { "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E" }, { "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "[spark-user] 20210621 Re: CVEs", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E" }, { "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-02-02T16:18Z", "publishedDate": "2020-12-03T17:15Z" } } }
ghsa-288c-cq4h-88gq
Vulnerability from github
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 2.6.7.3" }, "package": { "ecosystem": "Maven", "name": "com.fasterxml.jackson.core:jackson-databind" }, "ranges": [ { "events": [ { "introduced": "2.6.0" }, { "fixed": "2.6.7.4" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.9.10.6" }, "package": { "ecosystem": "Maven", "name": "com.fasterxml.jackson.core:jackson-databind" }, "ranges": [ { "events": [ { "introduced": "2.7.0.0" }, { "fixed": "2.9.10.7" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.10.5.0" }, "package": { "ecosystem": "Maven", "name": "com.fasterxml.jackson.core:jackson-databind" }, "ranges": [ { "events": [ { "introduced": "2.10.0.0" }, { "fixed": "2.10.5.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-25649" ], "database_specific": { "cwe_ids": [ "CWE-611" ], "github_reviewed": true, "github_reviewed_at": "2021-02-18T20:41:26Z", "nvd_published_at": "2020-12-03T17:15:00Z", "severity": "HIGH" }, "details": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", "id": "GHSA-288c-cq4h-88gq", "modified": "2024-03-15T00:30:48Z", "published": "2021-02-18T20:51:54Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/issues/2589" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20210108-0007" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E" }, { "type": "PACKAGE", "url": "https://github.com/FasterXML/jackson-databind" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ], "summary": "XML External Entity (XXE) Injection in Jackson Databind" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.