Action not permitted
Modal body text goes here.
CVE-2020-36518
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/FasterXML/jackson-databind/issues/2816 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20220506-0004/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2022/dsa-5283 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:30:08.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/FasterXML/jackson-databind/issues/2816" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "name": "DSA-5283", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/FasterXML/jackson-databind/issues/2816" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "name": "DSA-5283", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36518", "datePublished": "2022-03-11T00:00:00", "dateReserved": "2022-03-11T00:00:00", "dateUpdated": "2024-08-04T17:30:08.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-36518\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-03-11T07:15:07.800\",\"lastModified\":\"2022-11-29T22:12:38.183\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.\"},{\"lang\":\"es\",\"value\":\"jackson-databind versiones anteriores a 2.13.0, permite una excepci\u00f3n Java StackOverflow y una denegaci\u00f3n de servicio por medio de una gran profundidad de objetos anidados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.6.1\",\"matchCriteriaId\":\"E4445932-0923-4D28-8911-CFC9B61DFE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.2.1\",\"matchCriteriaId\":\"862ED616-15D6-42A2-88DB-9D3F304EFB5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1\",\"matchCriteriaId\":\"384DEDD9-CB26-4306-99D8-83068A9B23ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA64A1D-34F9-4441-857A-25C165E6DBB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"869CDD22-4A6C-4665-AA37-E340B07EF81C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0.4.0\",\"versionEndIncluding\":\"12.0.0.6.0\",\"matchCriteriaId\":\"DCE2010E-A144-4ED2-B73D-1CA3800A8F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EDB6772-7FDB-45FF-8D72-952902A7EE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAB7154-4DE8-4806-86D0-C1D33B84417B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A264E0DE-209D-49B1-8B26-51AB8BBC97F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6577F14-36B6-46A5-A1B1-FCCADA61A23B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F4637E5-3324-441D-94E9-C2DBE9A6B502\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4E817B5-A26B-4EA8-BA93-F87F42114FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74810125-09E6-4F27-B541-AFB61112AC56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.7\",\"versionEndIncluding\":\"8.1.0.0\",\"matchCriteriaId\":\"69F21EC6-EC2F-4E96-A9DE-621B84105304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC69CF0-6269-40F5-871B-16CFD5EC4C45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"172BECE8-9626-4910-AAA1-A2FA9C7139E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB82398-7281-47CF-81F9-A8A67D9C9DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.1.0\",\"versionEndIncluding\":\"8.1.2.1\",\"matchCriteriaId\":\"AD9AC3A6-9B91-4B55-A320-A40E95F21058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9319627-379D-4069-8AC9-512D411F22DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC36036-07CE-4903-8FFB-445C6908F0CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F091C7-0869-4FD6-AC73-DA697D990304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D134C60-F9E2-46C2-8466-DB90AD98439E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.1.0\",\"versionEndIncluding\":\"8.1.2.1\",\"matchCriteriaId\":\"E6F77FFB-558E-4740-A63E-B702EE12EF68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C64D669C-513E-4C53-8BB8-13EB336CDC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4BDDBCD-4038-4BEC-91DB-587C2FBC6369\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6394E90-2F2C-4955-9F97-BFED76D4333B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"10BBAD37-51A1-4819-807B-2642E9D4A69C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.9.4.2.2\",\"matchCriteriaId\":\"EE85204F-614D-4EF1-ABEB-B3CD381C2CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A6FFB5C-EB44-499F-BE81-24ED2B1F201A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.2.0.1.30\",\"matchCriteriaId\":\"8F0728F8-14D0-4282-9CA7-EFCD68EE77AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.2.0\",\"matchCriteriaId\":\"097A31AB-B77F-4DC5-9CD8-AC3A403607AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42F4D251-489F-41C8-BFA3-B51A1B69028D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.14\",\"matchCriteriaId\":\"F04DF183-EBCB-456E-90F9-A8500E6E32B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.13\",\"matchCriteriaId\":\"8D30B0D1-4466-4601-8822-CE8ADBB381FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0\",\"versionEndIncluding\":\"20.12.18\",\"matchCriteriaId\":\"17DE4709-5FFB-4E70-9416-553D89149D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.12.0\",\"versionEndIncluding\":\"21.12.1\",\"matchCriteriaId\":\"2982311E-B89A-4F9A-8BD2-44635DDDC10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0.0\",\"versionEndIncluding\":\"17.12.20.4\",\"matchCriteriaId\":\"050C3F61-FD74-4B62-BBC7-FFF05B22FB34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0.0\",\"versionEndIncluding\":\"18.8.25.4\",\"matchCriteriaId\":\"CD0A17FC-BFA9-4EA5-8D4F-1CEC5BC11AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.19.0\",\"matchCriteriaId\":\"5BC6277C-7C2F-49E1-8A68-4C726A087F74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0.0\",\"versionEndIncluding\":\"21.12.4.0\",\"matchCriteriaId\":\"C383F1DE-32E0-4E77-9C5F-2D91893F458E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"5AFBEE29-1972-40B1-ADD6-536D5C74D4EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951EC479-1B04-49C9-8381-D849685E7517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B32D7B0-CAE2-4B31-94C4-6124356C12B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06816711-7C49-47B9-A9D7-FB18CC3F42F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.1.0\",\"matchCriteriaId\":\"7E244A7B-EB39-4A84-BB01-EB09037A701F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5BBA303-8D2B-48C5-B52A-4E192166699C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4DAAD73-FE86-4934-AB1A-A60E840C6C1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCAA4004-9319-478C-9D55-0E8307F872F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"}]}]}],\"references\":[{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2816\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220506-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2022_8781
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:8781", "url": "https://access.redhat.com/errata/RHSA-2022:8781" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "LOG-2860", "url": "https://issues.redhat.com/browse/LOG-2860" }, { "category": "external", "summary": "LOG-3131", "url": "https://issues.redhat.com/browse/LOG-3131" }, { "category": "external", "summary": "LOG-3222", "url": "https://issues.redhat.com/browse/LOG-3222" }, { "category": "external", "summary": "LOG-3226", "url": "https://issues.redhat.com/browse/LOG-3226" }, { "category": "external", "summary": "LOG-3284", "url": "https://issues.redhat.com/browse/LOG-3284" }, { "category": "external", "summary": "LOG-3287", "url": "https://issues.redhat.com/browse/LOG-3287" }, { "category": "external", "summary": "LOG-3301", "url": "https://issues.redhat.com/browse/LOG-3301" }, { "category": "external", "summary": "LOG-3305", "url": "https://issues.redhat.com/browse/LOG-3305" }, { "category": "external", "summary": "LOG-3310", "url": "https://issues.redhat.com/browse/LOG-3310" }, { "category": "external", "summary": "LOG-3332", "url": "https://issues.redhat.com/browse/LOG-3332" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8781.json" } ], "title": "Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update", "tracking": { "current_release_date": "2024-11-15T13:17:07+00:00", "generator": { "date": "2024-11-15T13:17:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:8781", "initial_release_date": "2022-12-08T07:37:32+00:00", "revision_history": [ { "date": "2022-12-08T07:37:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-12-08T07:37:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:17:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOL 5.5 for RHEL 8", "product": { "name": "RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.5::el8" } } } ], "category": "product_family", "name": "logging for Red Hat OpenShift" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.5.5-8" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.5.5-14" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "product": { "name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "product_id": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "product": { "name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "product_id": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.5.5-19" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "product_id": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "product_id": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "product": { "name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "product_id": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "product_id": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le", "product": { "name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le", "product_id": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "product_id": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "product_id": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "product": { "name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "product_id": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "product_id": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64" }, "product_reference": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x" }, "product_reference": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "relates_to_product_reference": "8Base-RHOL-5.5" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le as a component of RHOL 5.5 for RHEL 8", "product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" }, "product_reference": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-2879", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132867" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/tar: unbounded memory consumption when reading headers", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2879" }, { "category": "external", "summary": "RHBZ#2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54853", "url": "https://github.com/golang/go/issues/54853" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: archive/tar: unbounded memory consumption when reading headers" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-32189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2113814" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32189" }, { "category": "external", "summary": "RHBZ#2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189" }, { "category": "external", "summary": "https://go.dev/issue/53871", "url": "https://go.dev/issue/53871" }, { "category": "external", "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU" } ], "release_date": "2022-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ], "known_not_affected": [ "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x", "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le", "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le", "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64", "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64", "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64", "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64", "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x", "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le", "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64", "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le", "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le", "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x", "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T07:37:32+00:00", "details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8781" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64", "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" } ] }
rhsa-2022_4918
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4918", "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23120", "url": "https://issues.redhat.com/browse/JBEAP-23120" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-15T20:32:59+00:00", "generator": { "date": "2024-11-15T20:32:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:4918", "initial_release_date": "2022-06-06T15:54:15+00:00", "revision_history": [ { "date": "2022-06-06T15:54:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:54:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T20:32:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2024_3061
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3061", "url": "https://access.redhat.com/errata/RHSA-2024:3061" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "RHEL-12764", "url": "https://issues.redhat.com/browse/RHEL-12764" }, { "category": "external", "summary": "RHEL-12765", "url": "https://issues.redhat.com/browse/RHEL-12765" }, { "category": "external", "summary": "RHEL-16724", "url": "https://issues.redhat.com/browse/RHEL-16724" }, { "category": "external", "summary": "RHEL-19140", "url": "https://issues.redhat.com/browse/RHEL-19140" }, { "category": "external", "summary": "RHEL-22445", "url": "https://issues.redhat.com/browse/RHEL-22445" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3061.json" } ], "title": "Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security update", "tracking": { "current_release_date": "2024-11-15T07:38:59+00:00", "generator": { "date": "2024-11-15T07:38:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:3061", "initial_release_date": "2024-05-22T09:32:13+00:00", "revision_history": [ { "date": "2024-05-22T09:32:13+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-05-22T09:32:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:38:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "pki-deps:10.6:8100020240205164017:e155f54d", "product": { "name": "pki-deps:10.6:8100020240205164017:e155f54d", "product_id": "pki-deps:10.6:8100020240205164017:e155f54d", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/pki-deps@10.6:8100020240205164017:e155f54d" } } }, { "category": "product_version", "name": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/fasterxml-oss-parent@49-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch", "product": { "name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch", "product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.10.0%2B21035%2Ba01f6469?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-12.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-12.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-12.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-annotations@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-bom@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-core@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-databind@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "product": { "name": "jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "product_id": "jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.14.2-2.module%2Bel8.10.0%2B21055%2B7d27fa3b?arch=noarch" } } }, { "category": "product_version", "name": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "product": { "name": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "product_id": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-modules-base@2.14.2-2.module%2Bel8.10.0%2B21055%2B7d27fa3b?arch=noarch" } } }, { "category": "product_version", "name": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-parent@2.14-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch", "product": { "name": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch", "product_id": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.62-1.module%2Bel8.10.0%2B21257%2B2b5308b5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch", "product": { "name": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch", "product_id": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=noarch" } } }, { "category": "product_version", "name": "pki-core:10.6:8100020240209023546:a1a9ba2e", "product": { "name": "pki-core:10.6:8100020240209023546:a1a9ba2e", "product_id": "pki-core:10.6:8100020240209023546:a1a9ba2e", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/pki-core@10.6:8100020240209023546:a1a9ba2e" } } }, { "category": "product_version", "name": "idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-ldapjdk@4.24.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-ldapjdk-javadoc@4.24.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-acme@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-base@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-base-java@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-ca@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-kra@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-server@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-tomcatjss@7.8.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product": { "name": "python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_id": "python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-idm-pki@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=noarch" } } }, { "category": "product_version", "name": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "product": { "name": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "product_id": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/resteasy@3.0.26-7.module%2Bel8.10.0%2B21132%2B79720f4e?arch=noarch" } } }, { "category": "product_version", "name": "resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "product": { "name": "resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "product_id": "resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/resteasy-javadoc@3.0.26-7.module%2Bel8.10.0%2B21132%2B79720f4e?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src", "product_id": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src", "product_id": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src", "product_id": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src", "product_id": "bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src", "product_id": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/fasterxml-oss-parent@49-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src", "product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src", "product_id": "glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-12.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src", "product": { "name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src", "product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.10.0%2B21035%2Ba01f6469?arch=src" } } }, { "category": "product_version", "name": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_id": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-annotations@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_id": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-bom@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_id": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-core@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_id": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-databind@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_id": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.14.2-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src", "product": { "name": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src", "product_id": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-modules-base@2.14.2-2.module%2Bel8.10.0%2B21055%2B7d27fa3b?arch=src" } } }, { "category": "product_version", "name": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src", "product_id": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-parent@2.14-1.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src", "product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src", "product_id": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src", "product": { "name": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src", "product_id": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.62-1.module%2Bel8.10.0%2B21257%2B2b5308b5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src", "product_id": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src", "product_id": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src", "product_id": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src", "product_id": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src", "product_id": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src", "product_id": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src", "product_id": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src", "product_id": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src", "product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src", "product": { "name": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src", "product_id": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.10.0%2B20993%2Bd0f024b0?arch=src" } } }, { "category": "product_version", "name": "jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src", "product": { "name": "jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src", "product_id": "jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jss@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=src" } } }, { "category": "product_version", "name": "ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src", "product": { "name": "ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src", "product_id": "ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ldapjdk@4.24.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=src" } } }, { "category": "product_version", "name": "pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src", "product": { "name": "pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src", "product_id": "pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=src" } } }, { "category": "product_version", "name": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src", "product": { "name": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src", "product_id": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/resteasy@3.0.26-7.module%2Bel8.10.0%2B21132%2B79720f4e?arch=src" } } }, { "category": "product_version", "name": "tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src", "product": { "name": "tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src", "product_id": "tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcatjss@7.8.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-debuginfo@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-javadoc@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jss-debugsource@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } }, { "category": "product_version", "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_id": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debugsource@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-debuginfo@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-javadoc@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/jss-debugsource@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } }, { "category": "product_version", "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_id": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debugsource@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-debuginfo@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-javadoc@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/jss-debugsource@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } }, { "category": "product_version", "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_id": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debugsource@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-debuginfo@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-jss-javadoc@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-symkey-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/idm-pki-tools-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jss-debugsource@4.11.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debuginfo@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } }, { "category": "product_version", "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_id": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-core-debugsource@10.15.0-1.module%2Bel8.10.0%2B21280%2Bcce842b8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, "product_reference": "pki-core:10.6:8100020240209023546:a1a9ba2e", "relates_to_product_reference": "AppStream-8.10.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src" }, "product_reference": "jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src" }, "product_reference": "ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src" }, "product_reference": "pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64" }, "product_reference": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le" }, "product_reference": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x" }, "product_reference": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64 as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64" }, "product_reference": "pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch" }, "product_reference": "python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch" }, "product_reference": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src" }, "product_reference": "resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch" }, "product_reference": "resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src as a component of pki-core:10.6:8100020240209023546:a1a9ba2e as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src" }, "product_reference": "tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e" }, { "category": "default_component_of", "full_product_name": { "name": "pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, "product_reference": "pki-deps:10.6:8100020240205164017:e155f54d", "relates_to_product_reference": "AppStream-8.10.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch" }, "product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src" }, "product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch" }, "product_reference": "jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch" }, "product_reference": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src" }, "product_reference": "jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch" }, "product_reference": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src" }, "product_reference": "pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch" }, "product_reference": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" }, { "category": "default_component_of", "full_product_name": { "name": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src as a component of pki-deps:10.6:8100020240205164017:e155f54d as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src" }, "product_reference": "xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src", "relates_to_product_reference": "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src" ], "known_not_affected": [ "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-debuginfo-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-jss-javadoc-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-ldapjdk-javadoc-0:4.24.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-acme-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-base-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-base-java-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-ca-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-kra-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-server-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-symkey-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-pki-tools-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:idm-tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-0:4.11.0-1.module+el8.10.0+21280+cce842b8.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:jss-debugsource-0:4.11.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:ldapjdk-0:4.24.0-1.module+el8.10.0+21280+cce842b8.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-0:10.15.0-1.module+el8.10.0+21280+cce842b8.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debuginfo-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.aarch64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.ppc64le", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.s390x", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:pki-core-debugsource-0:10.15.0-1.module+el8.10.0+21280+cce842b8.x86_64", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:python3-idm-pki-0:10.15.0-1.module+el8.10.0+21280+cce842b8.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-0:3.0.26-7.module+el8.10.0+21132+79720f4e.src", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:resteasy-javadoc-0:3.0.26-7.module+el8.10.0+21132+79720f4e.noarch", "AppStream-8.10.0.GA:pki-core:10.6:8100020240209023546:a1a9ba2e:tomcatjss-0:7.8.0-1.module+el8.10.0+21280+cce842b8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-22T09:32:13+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3061" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-collections-0:3.2.2-10.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-lang-0:2.6-21.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:apache-commons-net-0:3.6-3.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:bea-stax-api-0:1.2.0-16.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:fasterxml-oss-parent-0:49-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-fastinfoset-0:1.2.13-9.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-api-0:2.2.12-8.module+el8.10.0+21035+a01f6469.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-core-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-runtime-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:glassfish-jaxb-txw2-0:2.2.11-12.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-annotations-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-bom-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-core-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-databind-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-json-provider-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-jaxrs-providers-0:2.14.2-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-module-jaxb-annotations-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-modules-base-0:2.14.2-2.module+el8.10.0+21055+7d27fa3b.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jackson-parent-0:2.14-1.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:jakarta-commons-httpclient-1:3.1-28.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:javassist-javadoc-0:3.18.1-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:pki-servlet-engine-1:9.0.62-1.module+el8.10.0+21257+2b5308b5.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:relaxngDatatype-0:2011.1-7.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:slf4j-jdk14-0:1.7.25-4.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:stax-ex-0:1.7.7-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:velocity-0:1.7-24.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xalan-j2-0:2.7.1-38.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xerces-j2-0:2.11.0-34.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-apis-0:1.4.01-25.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xml-commons-resolver-0:1.2-26.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xmlstreambuffer-0:1.5.4-8.module+el8.10.0+20993+d0f024b0.src", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.noarch", "AppStream-8.10.0.GA:pki-deps:10.6:8100020240205164017:e155f54d:xsom-0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" } ] }
rhsa-2022_6783
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6783", "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6783.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-15T10:55:21+00:00", "generator": { "date": "2024-11-15T10:55:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6783", "initial_release_date": "2022-10-04T15:35:14+00:00", "revision_history": [ { "date": "2022-10-04T15:35:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:35:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:55:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022_7411
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7411", "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/articles/11258", "url": "https://access.redhat.com/articles/11258" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", "tracking": { "current_release_date": "2024-11-15T14:59:51+00:00", "generator": { "date": "2024-11-15T14:59:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7411", "initial_release_date": "2022-11-03T14:55:02+00:00", "revision_history": [ { "date": "2022-11-03T14:55:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:55:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:59:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.src", "product": { "name": "rh-sso7-0:1-5.el9sso.src", "product_id": "rh-sso7-0:1-5.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64" } } }, { "category": "product_version", "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src" }, "product_reference": "rh-sso7-0:1-5.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "known_not_affected": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2023_0264
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Logging Subsystem 5.6.0 - Red Hat OpenShift\n\n* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)\n* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0264", "url": "https://access.redhat.com/errata/RHSA-2023:0264" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2134876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "LOG-2217", "url": "https://issues.redhat.com/browse/LOG-2217" }, { "category": "external", "summary": "LOG-2620", "url": "https://issues.redhat.com/browse/LOG-2620" }, { "category": "external", "summary": "LOG-2819", "url": "https://issues.redhat.com/browse/LOG-2819" }, { "category": "external", "summary": "LOG-2822", "url": "https://issues.redhat.com/browse/LOG-2822" }, { "category": "external", "summary": "LOG-2843", "url": "https://issues.redhat.com/browse/LOG-2843" }, { "category": "external", "summary": "LOG-2919", "url": "https://issues.redhat.com/browse/LOG-2919" }, { "category": "external", "summary": "LOG-2962", "url": "https://issues.redhat.com/browse/LOG-2962" }, { "category": "external", "summary": "LOG-2993", "url": "https://issues.redhat.com/browse/LOG-2993" }, { "category": "external", "summary": "LOG-3072", "url": "https://issues.redhat.com/browse/LOG-3072" }, { "category": "external", "summary": "LOG-3090", "url": "https://issues.redhat.com/browse/LOG-3090" }, { "category": "external", "summary": "LOG-3129", "url": "https://issues.redhat.com/browse/LOG-3129" }, { "category": "external", "summary": "LOG-3157", "url": "https://issues.redhat.com/browse/LOG-3157" }, { "category": "external", "summary": "LOG-3161", "url": "https://issues.redhat.com/browse/LOG-3161" }, { "category": "external", "summary": "LOG-3168", "url": "https://issues.redhat.com/browse/LOG-3168" }, { "category": "external", "summary": "LOG-3169", "url": "https://issues.redhat.com/browse/LOG-3169" }, { "category": "external", "summary": "LOG-3180", "url": "https://issues.redhat.com/browse/LOG-3180" }, { "category": "external", "summary": "LOG-3186", "url": "https://issues.redhat.com/browse/LOG-3186" }, { "category": "external", "summary": "LOG-3194", "url": "https://issues.redhat.com/browse/LOG-3194" }, { "category": "external", "summary": "LOG-3195", "url": "https://issues.redhat.com/browse/LOG-3195" }, { "category": "external", "summary": "LOG-3208", "url": "https://issues.redhat.com/browse/LOG-3208" }, { "category": "external", "summary": "LOG-3224", "url": "https://issues.redhat.com/browse/LOG-3224" }, { "category": "external", "summary": "LOG-3235", "url": "https://issues.redhat.com/browse/LOG-3235" }, { "category": "external", "summary": "LOG-3286", "url": "https://issues.redhat.com/browse/LOG-3286" }, { "category": "external", "summary": "LOG-3292", "url": "https://issues.redhat.com/browse/LOG-3292" }, { "category": "external", "summary": "LOG-3296", "url": "https://issues.redhat.com/browse/LOG-3296" }, { "category": "external", "summary": "LOG-3309", "url": "https://issues.redhat.com/browse/LOG-3309" }, { "category": "external", "summary": "LOG-3324", "url": "https://issues.redhat.com/browse/LOG-3324" }, { "category": "external", "summary": "LOG-3331", "url": "https://issues.redhat.com/browse/LOG-3331" }, { "category": "external", "summary": "LOG-3446", "url": "https://issues.redhat.com/browse/LOG-3446" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0264.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update", "tracking": { "current_release_date": "2024-11-15T13:19:14+00:00", "generator": { "date": "2024-11-15T13:19:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:0264", "initial_release_date": "2023-01-19T11:03:41+00:00", "revision_history": [ { "date": "2023-01-19T11:03:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-19T11:03:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:19:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOL 5.6 for RHEL 8", "product": { "name": "RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.6::el8" } } } ], "category": "product_family", "name": "logging for Red Hat OpenShift" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "product_id": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "product_id": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "product": { "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "product_id": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "product_id": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "product": { "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "product_id": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "product_id": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.6.0-142" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.6.0-130" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "product": { "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "product_id": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28" } } }, { "category": "product_version", "name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "product": { "name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "product_id": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.6.0-172" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "product_id": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "product": { "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "product_id": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "product_id": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64" }, "product_reference": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x" }, "product_reference": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" }, "product_reference": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-2879", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132867" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/tar: unbounded memory consumption when reading headers", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2879" }, { "category": "external", "summary": "RHBZ#2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54853", "url": "https://github.com/golang/go/issues/54853" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: archive/tar: unbounded memory consumption when reading headers" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-32190", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124668" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/url: JoinPath does not strip relative path components in all circumstances", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32190" }, { "category": "external", "summary": "RHBZ#2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190" }, { "category": "external", "summary": "https://go.dev/issue/54385", "url": "https://go.dev/issue/54385" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/url: JoinPath does not strip relative path components in all circumstances" }, { "cve": "CVE-2022-37601", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-10-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134876" } ], "notes": [ { "category": "description", "text": "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: prototype pollution in function parseQuery in parseQuery.js", "title": "Vulnerability summary" }, { "category": "other", "text": "Packages shipped in Red Hat Enterprise Linux use \u0027loader-utils\u0027 as a transitive dependency. Thus, reducing the impact to Moderate.\n\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37601" }, { "category": "external", "summary": "RHBZ#2134876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37601", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601" }, { "category": "external", "summary": "https://github.com/webpack/loader-utils/issues/212", "url": "https://github.com/webpack/loader-utils/issues/212" } ], "release_date": "2022-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: prototype pollution in function parseQuery in parseQuery.js" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-19T11:03:41+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0264" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" } ] }
rhsa-2022_5101
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.10.0 serves as a replacement for Red Hat AMQ Broker 7.9.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744)\n\n* amq: AMQ Broker Operator ClusterWide Edit Permissions Due Token Exposure (CVE-2022-1833)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* AMQ Broker: Malformed message can result in partial DoS (OOM) (CVE-2021-4040)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* springframework: Spring Framework: Data Binding Rules Vulnerability (CVE-2022-22968)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5101", "url": "https://access.redhat.com/errata/RHSA-2022:5101" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.10.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.10.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/", "url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/" }, { "category": "external", "summary": "1739497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739497" }, { "category": "external", "summary": "2028254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2075441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075441" }, { "category": "external", "summary": "2089406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5101.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.10.0 release and security update", "tracking": { "current_release_date": "2024-11-15T14:52:32+00:00", "generator": { "date": "2024-11-15T14:52:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:5101", "initial_release_date": "2022-06-16T14:52:46+00:00", "revision_history": [ { "date": "2022-06-16T14:52:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-16T14:52:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:52:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat AMQ 7.10.0", "product": { "name": "Red Hat AMQ 7.10.0", "product_id": "Red Hat AMQ 7.10.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_broker:7" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-10744", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1739497" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties", "title": "Vulnerability summary" }, { "category": "other", "text": "The lodash dependency is included in OpenShift Container Platform (OCP) by Kibana in the aggregated logging stack. Elastic have issued a security advisory (ESA-2019-10) for Kibana for this vulnerability, and in that advisory stated that no exploit vectors had been identified in Kibana. Therefore we rate this issue as moderate for OCP and may fix this issue in a future release.\n\nhttps://www.elastic.co/community/security\n\nThis issue did not affect the versions of rh-nodejs8-nodejs and rh-nodejs10-nodejs as shipped with Red Hat Software Collections.\n\nWhilst a vulnerable version of lodash has been included in ServiceMesh, the impact is lowered to Moderate due to the library not being directly accessible increasing the attack complexity and the fact that the attacker would need some existing access - meaning the vulnerability is not crossing a privilege boundary.\n\nRed Hat Quay imports lodash as a runtime dependency of restangular. The restangular function in use by Red Hat Quay do not use lodash to parse user input. This issue therefore rated moderate impact for Red Hat Quay.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ 7.10.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10744" }, { "category": "external", "summary": "RHBZ#1739497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739497" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10744", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10744" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10744", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10744" } ], "release_date": "2019-08-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-16T14:52:46+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ 7.10.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5101" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat AMQ 7.10.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties" }, { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ 7.10.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-16T14:52:46+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ 7.10.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5101" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ 7.10.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-4040", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2028254" } ], "notes": [ { "category": "description", "text": "A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "Broker: Malformed message can result in partial DoS (OOM)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ 7.10.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4040" }, { "category": "external", "summary": "RHBZ#2028254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4040", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4040" } ], "release_date": "2021-11-19T12:05:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-16T14:52:46+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ 7.10.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5101" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat AMQ 7.10.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Broker: Malformed message can result in partial DoS (OOM)" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ 7.10.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-16T14:52:46+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ 7.10.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5101" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ 7.10.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "acknowledgments": [ { "names": [ "Lukas Bauer" ], "organization": "T-Systems International GmbH" } ], "cve": "CVE-2022-1833", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2022-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2089406" } ], "notes": [ { "category": "description", "text": "A flaw was found in AMQ Broker Operator, installed via UI using the OperatorHub. In this vulnerability, a low-privilege user with access to the Operator deployed namespace has access to cluster-wide edit rights. This flaw allows an attacker to have full cluster management access.", "title": "Vulnerability description" }, { "category": "summary", "text": "amq: AMQ Broker Operator ClusterWide Edit Permissions Due Token Exposure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ 7.10.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1833" }, { "category": "external", "summary": "RHBZ#2089406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1833", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1833" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1833", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1833" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/html/deploying_amq_broker_on_openshift_container_platform/broker-operator-broker-ocp", "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/html/deploying_amq_broker_on_openshift_container_platform/broker-operator-broker-ocp" } ], "release_date": "2022-06-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-16T14:52:46+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ 7.10.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5101" }, { "category": "workaround", "details": "In order to have these privileges correctly set in this version, opt for using the CLI method at https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/html/deploying_amq_broker_on_openshift_container_platform/broker-operator-broker-ocp#operator-install-broker-ocp\n\nMake sure to use the latest available version in order to have access to the latest bug and security fixes.", "product_ids": [ "Red Hat AMQ 7.10.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ 7.10.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "amq: AMQ Broker Operator ClusterWide Edit Permissions Due Token Exposure" }, { "cve": "CVE-2022-22968", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2075441" } ], "notes": [ { "category": "description", "text": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: Data Binding Rules Vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ 7.10.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22968" }, { "category": "external", "summary": "RHBZ#2075441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075441" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22968", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22968" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22968", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22968" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22968", "url": "https://tanzu.vmware.com/security/cve-2022-22968" } ], "release_date": "2022-04-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-16T14:52:46+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ 7.10.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5101" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ 7.10.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Framework: Data Binding Rules Vulnerability" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ 7.10.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-16T14:52:46+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ 7.10.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5101" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ 7.10.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022_4919
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4919", "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23121", "url": "https://issues.redhat.com/browse/JBEAP-23121" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-15T20:32:50+00:00", "generator": { "date": "2024-11-15T20:32:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:4919", "initial_release_date": "2022-06-06T16:00:48+00:00", "revision_history": [ { "date": "2022-06-06T16:00:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T16:00:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T20:32:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2022_7409
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7409", "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-15T15:00:37+00:00", "generator": { "date": "2024-11-15T15:00:37+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7409", "initial_release_date": "2022-11-03T14:54:26+00:00", "revision_history": [ { "date": "2022-11-03T14:54:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:00:37+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022_7410
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7410", "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-15T15:00:30+00:00", "generator": { "date": "2024-11-15T15:00:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7410", "initial_release_date": "2022-11-03T14:54:28+00:00", "revision_history": [ { "date": "2022-11-03T14:54:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:00:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2023_3223
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red Hat AMQ Streams 2.3.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* scala: deserialization gadget chain (CVE-2022-36944)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* Red Hat A-MQ Streams: component version with information disclosure flaw (CVE-2023-0833)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3223", "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.4.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.4.0" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "2129809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129809" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2154086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086" }, { "category": "external", "summary": "2169845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169845" }, { "category": "external", "summary": "2185707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707" }, { "category": "external", "summary": "2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "ENTMQST-4107", "url": "https://issues.redhat.com/browse/ENTMQST-4107" }, { "category": "external", "summary": "ENTMQST-4541", "url": "https://issues.redhat.com/browse/ENTMQST-4541" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3223.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update", "tracking": { "current_release_date": "2024-11-15T15:07:24+00:00", "generator": { "date": "2024-11-15T15:07:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:3223", "initial_release_date": "2023-05-18T09:54:05+00:00", "revision_history": [ { "date": "2023-05-18T09:54:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-05-18T09:54:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:07:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat AMQ Streams 2.4.0", "product": { "name": "Red Hat AMQ Streams 2.4.0", "product_id": "Red Hat AMQ Streams 2.4.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_streams:2" } } } ], "category": "product_family", "name": "Streams for Apache Kafka" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-0341", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-10-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2154086" } ], "notes": [ { "category": "description", "text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069", "title": "Vulnerability description" }, { "category": "summary", "text": "okhttp: information disclosure via improperly used cryptographic function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-0341" }, { "category": "external", "summary": "RHBZ#2154086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-0341", "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341" }, { "category": "external", "summary": "https://source.android.com/security/bulletin/2021-02-01", "url": "https://source.android.com/security/bulletin/2021-02-01" } ], "release_date": "2021-02-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "okhttp: information disclosure via improperly used cryptographic function" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-46877", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-46877" }, { "category": "external", "summary": "RHBZ#2185707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-46877", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46877" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877" } ], "release_date": "2023-03-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-36944", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129809" } ], "notes": [ { "category": "description", "text": "A flaw was found in Scala\u0027s LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "scala: deserialization gadget chain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-36944" }, { "category": "external", "summary": "RHBZ#2129809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129809" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-36944", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36944" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36944", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36944" }, { "category": "external", "summary": "https://github.com/scala/scala/pull/10118", "url": "https://github.com/scala/scala/pull/10118" } ], "release_date": "2022-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "category": "workaround", "details": "Users of Scala\u0027s LazyList should never permit deserialization of untrusted data.", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "scala: deserialization gadget chain" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2023-0833", "cwe": { "id": "CWE-209", "name": "Generation of Error Message Containing Sensitive Information" }, "discovery_date": "2023-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169845" } ], "notes": [ { "category": "description", "text": "A flaw was found in Red Hat\u0027s AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.", "title": "Vulnerability description" }, { "category": "summary", "text": "Streams: component version with information disclosure flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0833" }, { "category": "external", "summary": "RHBZ#2169845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169845" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0833", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0833" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0833", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0833" }, { "category": "external", "summary": "https://github.com/square/okhttp/issues/6738", "url": "https://github.com/square/okhttp/issues/6738" } ], "release_date": "2023-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Streams: component version with information disclosure flaw" }, { "cve": "CVE-2023-1370", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2188542" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1370" }, { "category": "external", "summary": "RHBZ#2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258", "url": "https://github.com/advisories/GHSA-493p-pfq6-5258" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)" }, { "cve": "CVE-2023-25194", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216516" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Kafka Connect\u0027s REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a denial of service or execute arbitrary code on the server, given presence of vulnerable classes on the server\u0027s classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25194" }, { "category": "external", "summary": "RHBZ#2216516", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216516" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25194", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25194" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25194", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25194" }, { "category": "external", "summary": "https://kafka.apache.org/cve-list#CVE-2023-25194", "url": "https://kafka.apache.org/cve-list#CVE-2023-25194" }, { "category": "external", "summary": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz", "url": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-18T09:54:05+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect" } ] }
rhsa-2022_5596
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Quarkus 2.7.6 includes security updates, bug\nfixes, and enhancements. For more information, see the release notes page listed\nin the References section.\n\nSecurity Fix(es):\n\n* CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects [quarkus-2]", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5596", "url": "https://access.redhat.com/errata/RHSA-2022:5596" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/" }, { "category": "external", "summary": "https://access.redhat.com/articles/4966181", "url": "https://access.redhat.com/articles/4966181" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5596.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Quarkus 2.7.6 release and security update", "tracking": { "current_release_date": "2024-11-15T07:37:10+00:00", "generator": { "date": "2024-11-15T07:37:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:5596", "initial_release_date": "2022-07-19T11:30:32+00:00", "revision_history": [ { "date": "2022-07-19T11:30:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-07-19T11:30:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:37:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Quarkus 2.7.6", "product": { "name": "Red Hat build of Quarkus 2.7.6", "product_id": "Red Hat build of Quarkus 2.7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:quarkus:2.7" } } } ], "category": "product_family", "name": "Red Hat build of Quarkus" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Quarkus 2.7.6" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-19T11:30:32+00:00", "details": "Before applying the update, back up your existing installation, including all\napplications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update.\nYou must be logged in to download the update.", "product_ids": [ "Red Hat build of Quarkus 2.7.6" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5596" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Quarkus 2.7.6" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" } ] }
rhsa-2022_6407
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A minor version update is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.\n\nSecurity Fix(es):\n\n* hadoop: WebHDFS client might send SPNEGO authorization header (CVE-2020-9492)\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* mysql-connector-java: unauthorized access to critical (CVE-2021-2471)\n\n* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)\n\n* elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure (CVE-2021-22132)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\n* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)\n\n* Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)\n\n* xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)\n\n* resteasy: Error message exposes endpoint class information (CVE-2021-20289)\n\n* elasticsearch: Document disclosure flaw when Document or Field Level Security is used (CVE-2021-22137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6407", "url": "https://access.redhat.com/errata/RHSA-2022:6407" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2022-Q3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q3", "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q3" }, { "category": "external", "summary": "1923181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923181" }, { "category": "external", "summary": "1925237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925237" }, { "category": "external", "summary": "1934116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116" }, { "category": "external", "summary": "1935927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927" }, { "category": "external", "summary": "1943189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943189" }, { "category": "external", "summary": "1945710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710" }, { "category": "external", "summary": "1945712", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712" }, { "category": "external", "summary": "1945714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714" }, { "category": "external", "summary": "1954559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559" }, { "category": "external", "summary": "1977362", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362" }, { "category": "external", "summary": "1995259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259" }, { "category": "external", "summary": "2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "2011190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190" }, { "category": "external", "summary": "2020583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020583" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6407.json" } ], "title": "Red Hat Security Advisory: Red Hat Integration Camel-K 1.8 security update", "tracking": { "current_release_date": "2024-11-15T12:02:20+00:00", "generator": { "date": "2024-11-15T12:02:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6407", "initial_release_date": "2022-09-09T07:12:07+00:00", "revision_history": [ { "date": "2022-09-09T07:12:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-09T07:12:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T12:02:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHAF Camel-K 1.8", "product": { "name": "RHAF Camel-K 1.8", "product_id": "RHAF Camel-K 1.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:integration:1" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-9492", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1925237" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache hadoop. The WebHDFS client can send a SPNEGO authorization header to a remote URL without proper verification which could lead to an access restriction bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "hadoop: WebHDFS client might send SPNEGO authorization header", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform (OCP) does package a vulnerable version of hadoop-hdfs-client in the hadoop and hive containers, the HDFS storage back-end is not enabled by default and is largely undocumented/unsupported. However, as it still can be enabled by using the configuration option `unsupportedFeatures.enabledHDFS`, the vulnerability has been rated Moderate for OCP.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of hadoop package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9492" }, { "category": "external", "summary": "RHBZ#1925237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9492", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9492" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9492", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9492" }, { "category": "external", "summary": "https://hadoop.apache.org/cve_list.html", "url": "https://hadoop.apache.org/cve_list.html" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-1065272", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-1065272" } ], "release_date": "2021-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "hadoop: WebHDFS client might send SPNEGO authorization header" }, { "cve": "CVE-2020-27223", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1934116" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27223" }, { "category": "external", "summary": "RHBZ#1934116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7" } ], "release_date": "2021-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS" }, { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-2471", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020583" } ], "notes": [ { "category": "description", "text": "MySQL Connector/J has no security check when external general entities are included in XML sources, consequently, there exists an XML External Entity(XXE) vulnerability. A successful attack can access critical data and gain full control/access to all MySQL Connectors\u0027 accessible data without any authorization.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: unauthorized access to critical", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Presto component is part of the OCP Metering stack and it ships the vulnerable version of the MySQL Connector/J package. Since the release of OCP 4.6, the Metering product has been deprecated and is removed from OCP starting from 4.9 version [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html#ocp-4-9-deprecated-removed-features", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-2471" }, { "category": "external", "summary": "RHBZ#2020583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020583" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-2471", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-2471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2471" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2021.html", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "release_date": "2021-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql-connector-java: unauthorized access to critical" }, { "cve": "CVE-2021-3520", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954559" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", "title": "Vulnerability description" }, { "category": "summary", "text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3520" }, { "category": "external", "summary": "RHBZ#1954559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520" } ], "release_date": "2021-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument" }, { "cve": "CVE-2021-3629", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1977362" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3629" }, { "category": "external", "summary": "RHBZ#1977362", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3629", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS" }, { "acknowledgments": [ { "names": [ "Dirk Papenberg" ], "organization": "NTT DATA Germany" } ], "cve": "CVE-2021-20289", "cwe": { "id": "CWE-209", "name": "Generation of Error Message Containing Sensitive Information" }, "discovery_date": "2021-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1935927" } ], "notes": [ { "category": "description", "text": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Error message exposes endpoint class information", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20289" }, { "category": "external", "summary": "RHBZ#1935927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20289", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289" } ], "release_date": "2021-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "resteasy: Error message exposes endpoint class information" }, { "cve": "CVE-2021-22132", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "discovery_date": "2021-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1923181" } ], "notes": [ { "category": "description", "text": "Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2", "title": "Vulnerability description" }, { "category": "summary", "text": "elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22132" }, { "category": "external", "summary": "RHBZ#1923181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923181" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22132", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22132" }, { "category": "external", "summary": "https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update/261164", "url": "https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update/261164" } ], "release_date": "2021-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure" }, { "cve": "CVE-2021-22137", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1943189" } ], "notes": [ { "category": "description", "text": "In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.", "title": "Vulnerability description" }, { "category": "summary", "text": "elasticsearch: Document disclosure flaw when Document or Field Level Security is used", "title": "Vulnerability summary" }, { "category": "other", "text": "In Elasticsearch, Document and Field Level Security is an enterprise only feature [1]. Hence the open source version is unaffected by this vulnerability.\n\n[1] https://www.elastic.co/subscriptions", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22137" }, { "category": "external", "summary": "RHBZ#1943189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943189" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22137" }, { "category": "external", "summary": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125", "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125" } ], "release_date": "2021-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "elasticsearch: Document disclosure flaw when Document or Field Level Security is used" }, { "cve": "CVE-2021-28163", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945710" } ], "notes": [ { "category": "description", "text": "If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Symlink directory exposes webapp directory contents", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28163" }, { "category": "external", "summary": "RHBZ#1945710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28163", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq" } ], "release_date": "2021-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jetty: Symlink directory exposes webapp directory contents" }, { "cve": "CVE-2021-28164", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945712" } ], "notes": [ { "category": "description", "text": "In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Ambiguous paths can access WEB-INF", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28164" }, { "category": "external", "summary": "RHBZ#1945712", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28164", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28164" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5" } ], "release_date": "2021-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jetty: Ambiguous paths can access WEB-INF" }, { "cve": "CVE-2021-28165", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945714" } ], "notes": [ { "category": "description", "text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Resource exhaustion when receiving an invalid large TLS frame", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28165" }, { "category": "external", "summary": "RHBZ#1945714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w" } ], "release_date": "2021-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jetty: Resource exhaustion when receiving an invalid large TLS frame" }, { "cve": "CVE-2021-37714", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1995259" } ], "notes": [ { "category": "description", "text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37714" }, { "category": "external", "summary": "RHBZ#1995259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714" }, { "category": "external", "summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c", "url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c" } ], "release_date": "2021-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck" }, { "cve": "CVE-2021-38153", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2021-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2009041" } ], "notes": [ { "category": "description", "text": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-38153" }, { "category": "external", "summary": "RHBZ#2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38153", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153" } ], "release_date": "2021-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients" }, { "cve": "CVE-2021-40690", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2011190" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.", "title": "Vulnerability description" }, { "category": "summary", "text": "xml-security: XPath Transform abuse allows for information disclosure", "title": "Vulnerability summary" }, { "category": "other", "text": "Since OpenShift Container Platform (OCP) 4.7, the logging-elasticsearch6-container is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHAF Camel-K 1.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-40690" }, { "category": "external", "summary": "RHBZ#2011190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-40690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E", "url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E" } ], "release_date": "2021-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-09T07:12:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHAF Camel-K 1.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHAF Camel-K 1.8" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xml-security: XPath Transform abuse allows for information disclosure" } ] }
rhsa-2022_5029
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat build of Eclipse Vert.x.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Eclipse Vert.x 4.2.7 GA includes security updates. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5029", "url": "https://access.redhat.com/errata/RHSA-2022:5029" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=4.2.7", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=4.2.7" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.2/html/release_notes_for_eclipse_vert.x_4.2/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.2/html/release_notes_for_eclipse_vert.x_4.2/index" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5029.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.7 security update", "tracking": { "current_release_date": "2024-11-15T14:53:20+00:00", "generator": { "date": "2024-11-15T14:53:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:5029", "initial_release_date": "2022-06-23T10:41:58+00:00", "revision_history": [ { "date": "2022-06-23T10:41:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-23T10:41:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:53:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Eclipse Vert.x 4.2.7", "product": { "name": "Red Hat build of Eclipse Vert.x 4.2.7", "product_id": "Red Hat build of Eclipse Vert.x 4.2.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Eclipse Vert.x 4.2.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-23T10:41:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat build of Eclipse Vert.x 4.2.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5029" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Eclipse Vert.x 4.2.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080850" } ], "notes": [ { "category": "description", "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Eclipse Vert.x 4.2.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25647" }, { "category": "external", "summary": "RHBZ#2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" } ], "release_date": "2022-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-23T10:41:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat build of Eclipse Vert.x 4.2.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5029" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Eclipse Vert.x 4.2.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson" } ] }
rhsa-2022_2232
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid is now available.\n \nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.\n \nData Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3].\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518)\n\n* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:2232", "url": "https://access.redhat.com/errata/RHSA-2022:2232" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=8.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=8.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index" }, { "category": "external", "summary": "2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2232.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 8.3.1 security update", "tracking": { "current_release_date": "2024-11-15T10:52:45+00:00", "generator": { "date": "2024-11-15T10:52:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:2232", "initial_release_date": "2022-05-12T11:58:17+00:00", "revision_history": [ { "date": "2022-05-12T11:58:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-12T11:58:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:52:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 8.3.1", "product": { "name": "Red Hat Data Grid 8.3.1", "product_id": "Red Hat Data Grid 8.3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:8" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-12T11:58:17+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.3.1 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.3.1 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2232" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.3.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-38153", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2021-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2009041" } ], "notes": [ { "category": "description", "text": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-38153" }, { "category": "external", "summary": "RHBZ#2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38153", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153" } ], "release_date": "2021-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-12T11:58:17+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.3.1 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.3.1 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2232" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.3.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 8.3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-12T11:58:17+00:00", "details": "To install this update, do the following:\n \n1. Download the Data Grid 8.3.1 Server patch from the customer portal[\u00b2].\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 8.3.1 Server patch.\n4. Restart Data Grid to ensure the changes take effect.\n\nFor more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[\u00b3]", "product_ids": [ "Red Hat Data Grid 8.3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2232" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 8.3.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" } ] }
rhsa-2022_6782
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6782", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6782.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-15T10:55:14+00:00", "generator": { "date": "2024-11-15T10:55:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6782", "initial_release_date": "2022-10-04T16:02:49+00:00", "revision_history": [ { "date": "2022-10-04T16:02:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T16:02:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:55:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022_6819
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* kafka: Unauthenticated clients may cause OutOfMemoryError on brokers (CVE-2022-34917)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6819", "url": "https://access.redhat.com/errata/RHSA-2022:6819" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.2.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.2.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2", "url": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "2130018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130018" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6819.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.2.0 release and security update", "tracking": { "current_release_date": "2024-11-15T14:57:17+00:00", "generator": { "date": "2024-11-15T14:57:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6819", "initial_release_date": "2022-10-05T14:30:17+00:00", "revision_history": [ { "date": "2022-10-05T14:30:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-05T14:30:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:57:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat AMQ Streams 2.2.0", "product": { "name": "Red Hat AMQ Streams 2.2.0", "product_id": "Red Hat AMQ Streams 2.2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_streams:2" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T14:30:17+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6819" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T14:30:17+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6819" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "Red Hat AMQ Streams 2.2.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.2.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080850" } ], "notes": [ { "category": "description", "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25647" }, { "category": "external", "summary": "RHBZ#2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" } ], "release_date": "2022-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T14:30:17+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6819" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.2.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson" }, { "cve": "CVE-2022-34917", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2022-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2130018" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Kafka that allows malicious unauthenticated clients to allocate large amounts of memory on brokers, which could lead to an Out Of Memory Exception, causing a denial of service. Various authentication methods were affected in different degrees. In Kafka clusters without authentication, any client able to connect to a broker could trigger the issue. In Kafka clusters with SASL authentication, any client able to connect to a broker without the need for valid SASL credentials could trigger the issue. Lastly, in Kafka clusters with TLS authentication, only clients able to successfully authenticate via TLS could trigger the issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kafka: Unauthenticated clients may cause OutOfMemoryError on brokers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat AMQ Streams 2.2.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-34917" }, { "category": "external", "summary": "RHBZ#2130018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130018" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-34917", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34917" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917" } ], "release_date": "2022-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T14:30:17+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat AMQ Streams 2.2.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6819" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat AMQ Streams 2.2.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Kafka: Unauthenticated clients may cause OutOfMemoryError on brokers" } ] }
rhsa-2022_7435
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Logging subsystem for Red Hat OpenShift 5.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Logging Subsystem 5.4.8 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7435", "url": "https://access.redhat.com/errata/RHSA-2022:7435" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2134010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "LOG-3250", "url": "https://issues.redhat.com/browse/LOG-3250" }, { "category": "external", "summary": "LOG-3252", "url": "https://issues.redhat.com/browse/LOG-3252" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7435.json" } ], "title": "Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update", "tracking": { "current_release_date": "2024-11-15T13:16:52+00:00", "generator": { "date": "2024-11-15T13:16:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7435", "initial_release_date": "2022-11-16T12:13:01+00:00", "revision_history": [ { "date": "2022-11-16T12:13:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-16T12:13:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:16:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOL 5.4 for RHEL 8", "product": { "name": "RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.4::el8" } } } ], "category": "product_family", "name": "logging for Red Hat OpenShift" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "product_id": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "product": { "name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "product_id": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "product_id": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "product_id": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "product": { "name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "product_id": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "product_id": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "product_id": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "product_id": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "product": { "name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "product_id": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.4.8-7" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.4.8-11" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64", "product": { "name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64", "product_id": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67" } } }, { "category": "product_version", "name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "product": { "name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "product_id": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.4.8-20" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64" }, "product_reference": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x" }, "product_reference": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le" }, "product_reference": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ], "known_not_affected": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-16T12:13:01+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7435" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2022-32149", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "discovery_date": "2022-10-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134010" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64" ], "known_not_affected": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32149" }, { "category": "external", "summary": "RHBZ#2134010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149" }, { "category": "external", "summary": "https://go.dev/issue/56152", "url": "https://go.dev/issue/56152" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU", "url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU" } ], "release_date": "2022-10-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-16T12:13:01+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7435" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ], "known_not_affected": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-16T12:13:01+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7435" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ], "known_not_affected": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-16T12:13:01+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7435" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" } ] }
rhsa-2022_6787
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6787", "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/products/red-hat-single-sign-on/", "url": "https://access.redhat.com/products/red-hat-single-sign-on/" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6787.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update", "tracking": { "current_release_date": "2024-11-15T10:55:06+00:00", "generator": { "date": "2024-11-15T10:55:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6787", "initial_release_date": "2022-10-04T15:53:11+00:00", "revision_history": [ { "date": "2022-10-04T15:53:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:53:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T10:55:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "Red Hat Single Sign-On 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022_5532
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* fastjson (CVE-2022-25845)\n\n* jackson-databind (CVE-2020-36518)\n\n* mysql-connector-java (CVE-2021-2471, CVE-2022-21363)\n\n* undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)\n\n* wildfly-elytron (CVE-2021-3642)\n\n* nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)\n\n* 3 qt (CVE-2021-3859)\n\n* kubernetes-client (CVE-2021-4178)\n\n* spring-security (CVE-2021-22119)\n\n* protobuf-java (CVE-2021-22569)\n\n* google-oauth-client (CVE-2021-22573)\n\n* XStream (CVE-2021-29505, CVE-2021-43859)\n\n* jdom (CVE-2021-33813, CVE-2021-33813)\n\n* apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)\n\n* Kafka (CVE-2021-38153)\n\n* xml-security (CVE-2021-40690)\n\n* logback (CVE-2021-42550)\n\n* netty (CVE-2021-43797)\n\n* xnio (CVE-2022-0084)\n\n* jdbc-postgresql (CVE-2022-21724)\n\n* spring-expression (CVE-2022-22950)\n\n* springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096, CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)\n\n* h2 (CVE-2022-23221)\n\n* junrar (CVE-2022-23596)\n\n* artemis-commons (CVE-2022-23913)\n\n* elasticsearch (CVE-2020-7020)\n\n* tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122, CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340, CVE-2022-23181)\n\n* junit4 (CVE-2020-15250)\n\n* wildfly-core (CVE-2020-25689, CVE-2021-3644)\n\n* kotlin (CVE-2020-29582)\n\n* karaf (CVE-2021-41766, CVE-2022-22932)\n\n* Spring Framework (CVE-2022-22968)\n\n* metadata-extractor (CVE-2022-24614)\n\n* poi-scratchpad (CVE-2022-26336)\n\n* postgresql-jdbc (CVE-2022-26520)\n\n* tika-core (CVE-2022-30126)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5532", "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.11.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.11.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/" }, { "category": "external", "summary": "1838332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332" }, { "category": "external", "summary": "1887810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887810" }, { "category": "external", "summary": "1893070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893070" }, { "category": "external", "summary": "1893125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893125" }, { "category": "external", "summary": "1917209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917209" }, { "category": "external", "summary": "1930291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930291" }, { "category": "external", "summary": "1934032", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934032" }, { "category": "external", "summary": "1934061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934061" }, { "category": "external", "summary": "1966735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966735" }, { "category": "external", "summary": "1973413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973413" }, { "category": "external", "summary": "1976052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052" }, { "category": "external", "summary": "1977064", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977064" }, { "category": "external", "summary": "1977362", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362" }, { "category": "external", "summary": "1981407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407" }, { "category": "external", "summary": "1981533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981533" }, { "category": "external", "summary": "1981544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981544" }, { "category": "external", "summary": "1981895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981895" }, { "category": "external", "summary": "1981900", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981900" }, { "category": "external", "summary": "1981903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981903" }, { "category": "external", "summary": "1981909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981909" }, { "category": "external", "summary": "2004820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004820" }, { "category": "external", "summary": "2007557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557" }, { "category": "external", "summary": "2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "2010378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378" }, { "category": "external", "summary": "2011190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190" }, { "category": "external", "summary": "2014356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356" }, { "category": "external", "summary": "2020583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020583" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2033560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033560" }, { "category": "external", "summary": "2034388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388" }, { "category": "external", "summary": "2034584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584" }, { "category": "external", "summary": "2039903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2046279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046279" }, { "category": "external", "summary": "2046282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046282" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2047417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047417" }, { "category": "external", "summary": "2049778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049778" }, { "category": "external", "summary": "2049783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049783" }, { "category": "external", "summary": "2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "2055480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055480" }, { "category": "external", "summary": "2058763", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058763" }, { "category": "external", "summary": "2063292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063292" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2069414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414" }, { "category": "external", "summary": "2072339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "2075441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075441" }, { "category": "external", "summary": "2081879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081879" }, { "category": "external", "summary": "2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "2087272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087272" }, { "category": "external", "summary": "2087274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087274" }, { "category": "external", "summary": "2087606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606" }, { "category": "external", "summary": "2088523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088523" }, { "category": "external", "summary": "2100654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100654" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5532.json" } ], "title": "Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update", "tracking": { "current_release_date": "2024-11-15T20:33:08+00:00", "generator": { "date": "2024-11-15T20:33:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:5532", "initial_release_date": "2022-07-07T14:19:49+00:00", "revision_history": [ { "date": "2022-07-07T14:19:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-07-07T14:19:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T20:33:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Fuse 7.11", "product": { "name": "Red Hat Fuse 7.11", "product_id": "Red Hat Fuse 7.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7020", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-10-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1893125" } ], "notes": [ { "category": "description", "text": "Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.", "title": "Vulnerability description" }, { "category": "summary", "text": "elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7020" }, { "category": "external", "summary": "RHBZ#1893125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7020", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7020" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7020", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7020" }, { "category": "external", "summary": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033", "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033" }, { "category": "external", "summary": "https://www.elastic.co/community/security/", "url": "https://www.elastic.co/community/security/" } ], "release_date": "2020-10-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure" }, { "cve": "CVE-2020-9484", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-05-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1838332" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in Apache Tomcat\u0027s use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: deserialization flaw in session persistence storage leading to RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the pki-servlet-engine component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of pki-servlet-engine outside of these contexts is not supported. As a result, the vulnerability can not be triggered in supported configurations of these products. A future update may update Tomcat in pki-servlet-engine.\n\nRed Hat Satellite do not ship Tomcat and rather use its configuration. The product is not affected because configuration does not make use of PersistanceManager or FileStore. Tomcat updates can be obtain from Red Hat Enterprise Linux (RHEL) RHSA.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9484" }, { "category": "external", "summary": "RHBZ#1838332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9484", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E" }, { "category": "external", "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5", "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5" }, { "category": "external", "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35" } ], "release_date": "2020-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "category": "workaround", "details": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized. For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.", "product_ids": [ "Red Hat Fuse 7.11" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat: deserialization flaw in session persistence storage leading to RCE" }, { "cve": "CVE-2020-15250", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-10-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887810" } ], "notes": [ { "category": "description", "text": "In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system\u0027s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.", "title": "Vulnerability description" }, { "category": "summary", "text": "junit4: TemporaryFolder is shared between all users across system which could result in information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15250" }, { "category": "external", "summary": "RHBZ#1887810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887810" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15250", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15250" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15250" }, { "category": "external", "summary": "https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp", "url": "https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp" } ], "release_date": "2020-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "junit4: TemporaryFolder is shared between all users across system which could result in information disclosure" }, { "cve": "CVE-2020-25689", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-10-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1893070" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25689" }, { "category": "external", "summary": "RHBZ#1893070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25689", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25689" } ], "release_date": "2020-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller" }, { "cve": "CVE-2020-29582", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-02-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930291" } ], "notes": [ { "category": "description", "text": "In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.", "title": "Vulnerability description" }, { "category": "summary", "text": "kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat CodeReady Studio 12 is not affected by this vulnerability because It ships kotlin-stdlib. The vulnerable component is not in kotlin-stdlib.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-29582" }, { "category": "external", "summary": "RHBZ#1930291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930291" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-29582", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29582" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-29582", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29582" }, { "category": "external", "summary": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/", "url": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/" } ], "release_date": "2021-02-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure" }, { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-2471", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020583" } ], "notes": [ { "category": "description", "text": "MySQL Connector/J has no security check when external general entities are included in XML sources, consequently, there exists an XML External Entity(XXE) vulnerability. A successful attack can access critical data and gain full control/access to all MySQL Connectors\u0027 accessible data without any authorization.", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: unauthorized access to critical", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Presto component is part of the OCP Metering stack and it ships the vulnerable version of the MySQL Connector/J package. Since the release of OCP 4.6, the Metering product has been deprecated and is removed from OCP starting from 4.9 version [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html#ocp-4-9-deprecated-removed-features", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-2471" }, { "category": "external", "summary": "RHBZ#2020583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020583" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-2471", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-2471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2471" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2021.html", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "release_date": "2021-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql-connector-java: unauthorized access to critical" }, { "cve": "CVE-2021-3629", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1977362" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3629" }, { "category": "external", "summary": "RHBZ#1977362", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3629", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS" }, { "cve": "CVE-2021-3642", "cwe": { "id": "CWE-203", "name": "Observable Discrepancy" }, "discovery_date": "2021-06-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981407" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: possible timing attack in ScramServer", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3642" }, { "category": "external", "summary": "RHBZ#1981407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3642", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3642" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3642" } ], "release_date": "2021-06-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: possible timing attack in ScramServer" }, { "acknowledgments": [ { "names": [ "Darran Lofthouse" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-3644", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1976052" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Invalid Sensitivity Classification of Vault Expression", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat CodeReady Studio 12 is not affected by this flaw as it does not ship the vulnerable component of wildfly.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3644" }, { "category": "external", "summary": "RHBZ#1976052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3644", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3644" } ], "release_date": "2021-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "wildfly-core: Invalid Sensitivity Classification of Vault Expression" }, { "cve": "CVE-2021-3807", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2007557" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3807" }, { "category": "external", "summary": "RHBZ#2007557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807" }, { "category": "external", "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994", "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994" } ], "release_date": "2021-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes" }, { "cve": "CVE-2021-3859", "cwe": { "id": "CWE-214", "name": "Invocation of Process Using Visible Sensitive Information" }, "discovery_date": "2021-09-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2010378" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: client side invocation timeout raised when calling over HTTP2", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3859" }, { "category": "external", "summary": "RHBZ#2010378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3859", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3859" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: client side invocation timeout raised when calling over HTTP2" }, { "acknowledgments": [ { "names": [ "Jordy Versmissen" ] } ], "cve": "CVE-2021-4178", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034388" } ], "notes": [ { "category": "description", "text": "A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes-client: Insecure deserialization in unmarshalYaml method", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4178" }, { "category": "external", "summary": "RHBZ#2034388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4178", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4178" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178" } ], "release_date": "2022-01-05T15:05:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes-client: Insecure deserialization in unmarshalYaml method" }, { "cve": "CVE-2021-22060", "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2055480" } ], "notes": [ { "category": "description", "text": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22060" }, { "category": "external", "summary": "RHBZ#2055480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055480" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22060", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22060" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22060", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22060" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)" }, { "cve": "CVE-2021-22096", "discovery_date": "2021-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034584" } ], "notes": [ { "category": "description", "text": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: malicious input leads to insertion of additional log entries", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22096" }, { "category": "external", "summary": "RHBZ#2034584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22096", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22096" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096" } ], "release_date": "2021-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "springframework: malicious input leads to insertion of additional log entries" }, { "cve": "CVE-2021-22119", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1977064" } ], "notes": [ { "category": "description", "text": "Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22119" }, { "category": "external", "summary": "RHBZ#1977064", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977064" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22119", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22119" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22119", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22119" } ], "release_date": "2021-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request" }, { "cve": "CVE-2021-22569", "cwe": { "id": "CWE-696", "name": "Incorrect Behavior Order" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039903" } ], "notes": [ { "category": "description", "text": "A flaw was found in protobuf-java. Google Protocol Buffer (protobuf-java) allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "protobuf-java: potential DoS in the parsing procedure for binary data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22569" }, { "category": "external", "summary": "RHBZ#2039903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039903" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22569", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569" }, { "category": "external", "summary": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b", "url": "https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b" }, { "category": "external", "summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67", "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67" } ], "release_date": "2022-01-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "protobuf-java: potential DoS in the parsing procedure for binary data" }, { "cve": "CVE-2021-22573", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-05-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2081879" } ], "notes": [ { "category": "description", "text": "A flaw was found in Google OAuth Java client\u0027s IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outside of their prescribed permissions.", "title": "Vulnerability description" }, { "category": "summary", "text": "google-oauth-client: Token signature not verified", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22573" }, { "category": "external", "summary": "RHBZ#2081879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081879" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22573", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22573" }, { "category": "external", "summary": "https://github.com/googleapis/google-oauth-java-client/pull/872", "url": "https://github.com/googleapis/google-oauth-java-client/pull/872" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "google-oauth-client: Token signature not verified" }, { "cve": "CVE-2021-24122", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1917209" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some configurations. The root cause was the unexpected behavior of the JRE API File.getCanonicalPath(), which was caused by the inconsistent behavior of the Windows API (FindFirstFileW) in some circumstances. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Information disclosure when using NTFS file system", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat OpenStack Platform\u0027s OpenDaylight, tomcat is disabled by default. Further, ODL deployments are not supported on untrusted administrator networks; even if tomcat is enabled, if random users can access it, this would be in an unsupported configuration. For this reason, the RHOSP impact has been reduced and no update will be provided at this time for the ODL tomcat package.\n\nThis flaw does not affect tomcat or pki-servlet-engine as shipped with Red Hat Enterprise Linux 6, 7, or 8 because the functionality involving FindFirstFileW() is specific to the Windows native code. Additionally, RHEL is not shipped with NTFS support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-24122" }, { "category": "external", "summary": "RHBZ#1917209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917209" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-24122", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24122" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-24122", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24122" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202101.mbox/%3Cf3765f21-969d-7f21-e34a-efc106175373%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202101.mbox/%3Cf3765f21-969d-7f21-e34a-efc106175373%40apache.org%3E" }, { "category": "external", "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.107", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.107" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40" } ], "release_date": "2021-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Information disclosure when using NTFS file system" }, { "cve": "CVE-2021-25122", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1934032" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Request mix-up with h2c", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8\u0027s Identity Management and Certificate System are using a vulnerable version of Tomcat that is bundled into the `pki-servlet-engine` component. However, HTTP/2 is not enabled in such a configuration, and it is not possible to trigger the flaw in a supported setup. A future update may fix the code. Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 are not affected by this flaw because HTTP/2 is not supported in the shipped version of tomcat in those packages.\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-25122" }, { "category": "external", "summary": "RHBZ#1934032", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934032" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25122", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25122" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25122", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25122" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202103.mbox/%3Cb7626398-5e6d-1639-4e9e-e41b34af84de%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202103.mbox/%3Cb7626398-5e6d-1639-4e9e-e41b34af84de%40apache.org%3E" }, { "category": "external", "summary": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.2", "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.2" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.63", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.63" }, { "category": "external", "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43", "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43" } ], "release_date": "2021-03-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Request mix-up with h2c" }, { "cve": "CVE-2021-25329", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1934061" } ], "notes": [ { "category": "description", "text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the `pki-servlet-engine` component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of `pki-servlet-engine` outside of these contexts is not supported. As a result, the vulnerability can not be triggered in supported configurations of these products.\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-25329" }, { "category": "external", "summary": "RHBZ#1934061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934061" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25329", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25329" }, { "category": "external", "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202103.mbox/%3C811bba77-e74e-9f9b-62ca-5253a09ba84f%40apache.org%3E", "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202103.mbox/%3C811bba77-e74e-9f9b-62ca-5253a09ba84f%40apache.org%3E" }, { "category": "external", "summary": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.2", "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.2" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.108", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.108" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.63", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.63" }, { "category": "external", "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43", "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43" } ], "release_date": "2021-03-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "category": "workaround", "details": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized. For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.", "product_ids": [ "Red Hat Fuse 7.11" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)" }, { "cve": "CVE-2021-29505", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-05-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966735" } ], "notes": [ { "category": "description", "text": "A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: remote command execution attack by manipulating the processed input stream", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\nCodeReady Studio 12 ships a version of xstream that is affected by this flaw as a transitive dependency for the Wise framework plugin. However, the vulnerable code is not called, so this flaw has been marked as Low severity for CodeReady Studio 12.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29505" }, { "category": "external", "summary": "RHBZ#1966735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966735" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29505", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29505" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29505", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29505" }, { "category": "external", "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc", "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc" }, { "category": "external", "summary": "https://x-stream.github.io/CVE-2021-29505.html", "url": "https://x-stream.github.io/CVE-2021-29505.html" } ], "release_date": "2021-05-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "category": "workaround", "details": "Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address.\n\nAllow list approach\n```java\nXStream xstream = new XStream();\nXStream.setupDefaultSecurity(xstream);\nxstream.allowTypesByWildcard(new String[] {\"com.misc.classname\"})\n```\nDeny list for XStream 1.4.16 (this should also address some previous flaws found in 1.4.7 - \u003e 1.4.15) \n```java\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.Lazy(?:Search)?Enumeration.*\", \"(?:java|sun)\\\\.rmi\\\\..*\" });\n```\n\nDeny list for XStream 1.4.15\n```java\nxstream.denyTypes(new String[]{ \"sun.awt.datatransfer.DataTransferer$IndexOrderComparator\", \"sun.swing.SwingLazyValue\", \"com.sun.corba.se.impl.activation.ServerTableEntry\", \"com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$ServiceNameIterator\", \"javafx\\\\.collections\\\\.ObservableList\\\\$.*\", \".*\\\\.bcel\\\\..*\\\\.util\\\\.ClassLoader\" });\nxstream.denyTypeHierarchy(java.io.InputStream.class );\nxstream.denyTypeHierarchy(java.nio.channels.Channel.class );\nxstream.denyTypeHierarchy(javax.activation.DataSource.class );\nxstream.denyTypeHierarchy(javax.sql.rowset.BaseRowSet.class );\n```\n\nDeny list for XStream 1.4.13\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\n```\n\nDeny list for XStream 1.4.7 -\u003e 1.4.12\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\n```\n\nDeny list for versions prior to XStream 1.4.7\n```java\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || Proxy.isProxy(type));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);\n```", "product_ids": [ "Red Hat Fuse 7.11" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "XStream: remote command execution attack by manipulating the processed input stream" }, { "cve": "CVE-2021-30640", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981544" } ], "notes": [ { "category": "description", "text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: JNDI realm authentication weakness", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-30640" }, { "category": "external", "summary": "RHBZ#1981544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981544" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-30640", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30640" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640" } ], "release_date": "2021-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: JNDI realm authentication weakness" }, { "cve": "CVE-2021-33037", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981533" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: HTTP request smuggling when used with a reverse proxy", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33037" }, { "category": "external", "summary": "RHBZ#1981533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981533" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33037", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33037" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33037", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33037" } ], "release_date": "2021-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: HTTP request smuggling when used with a reverse proxy" }, { "cve": "CVE-2021-33813", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2021-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1973413" } ], "notes": [ { "category": "description", "text": "An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "jdom: XXE allows attackers to cause a DoS via a crafted HTTP request", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the hive and hadoop components that comprise the OCP metering stack, ship the vulnerable version of jdom.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. Please see the following page for more information on Red Hat Enterprise Linux support scopes: https://access.redhat.com/support/policy/updates/errata/ .\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33813" }, { "category": "external", "summary": "RHBZ#1973413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973413" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33813", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33813" } ], "release_date": "2021-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jdom: XXE allows attackers to cause a DoS via a crafted HTTP request" }, { "cve": "CVE-2021-35515", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981895" } ], "notes": [ { "category": "description", "text": "A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 SevenZ package. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-compress: infinite loop when reading a specially crafted 7Z archive", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35515" }, { "category": "external", "summary": "RHBZ#1981895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981895" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35515", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35515" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2021/07/13/1", "url": "http://www.openwall.com/lists/oss-security/2021/07/13/1" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-compress/security-reports.html", "url": "https://commons.apache.org/proper/commons-compress/security-reports.html" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E", "url": "https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-compress: infinite loop when reading a specially crafted 7Z archive" }, { "cve": "CVE-2021-35516", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2021-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981900" } ], "notes": [ { "category": "description", "text": "A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 SevenZ package. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35516" }, { "category": "external", "summary": "RHBZ#1981900", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981900" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35516" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2021/07/13/2", "url": "http://www.openwall.com/lists/oss-security/2021/07/13/2" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-compress/security-reports.html", "url": "https://commons.apache.org/proper/commons-compress/security-reports.html" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E", "url": "https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive" }, { "cve": "CVE-2021-35517", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2021-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981903" } ], "notes": [ { "category": "description", "text": "A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 TAR package. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35517" }, { "category": "external", "summary": "RHBZ#1981903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981903" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35517" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2021/07/13/3", "url": "http://www.openwall.com/lists/oss-security/2021/07/13/3" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-compress/security-reports.html", "url": "https://commons.apache.org/proper/commons-compress/security-reports.html" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E", "url": "https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive" }, { "cve": "CVE-2021-36090", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2021-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981909" } ], "notes": [ { "category": "description", "text": "A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 zip package. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36090" }, { "category": "external", "summary": "RHBZ#1981909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36090", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36090" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2021/07/13/4", "url": "http://www.openwall.com/lists/oss-security/2021/07/13/4" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-compress/security-reports.html", "url": "https://commons.apache.org/proper/commons-compress/security-reports.html" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E", "url": "https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive" }, { "cve": "CVE-2021-38153", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2021-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2009041" } ], "notes": [ { "category": "description", "text": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-38153" }, { "category": "external", "summary": "RHBZ#2009041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38153", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153" } ], "release_date": "2021-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients" }, { "cve": "CVE-2021-40690", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2011190" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.", "title": "Vulnerability description" }, { "category": "summary", "text": "xml-security: XPath Transform abuse allows for information disclosure", "title": "Vulnerability summary" }, { "category": "other", "text": "Since OpenShift Container Platform (OCP) 4.7, the logging-elasticsearch6-container is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-40690" }, { "category": "external", "summary": "RHBZ#2011190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-40690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E", "url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E" } ], "release_date": "2021-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xml-security: XPath Transform abuse allows for information disclosure" }, { "cve": "CVE-2021-41079", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004820" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet can trigger an infinite loop, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat Certificate System versions 9 and older, the version of Tomcat used is not affected by this flaw.\nIn Red Hat Certificate System 10, Tomcat is affected by this flaw. However, Tomcat is configured so that it does not use OpenSSLEngine, but the Dogtag JSS SSL implementation. As a result, the flaw can not be reached.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-41079" }, { "category": "external", "summary": "RHBZ#2004820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41079", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41079" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41079", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41079" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E", "url": "https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E" }, { "category": "external", "summary": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.4", "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.4" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.64", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.64" }, { "category": "external", "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.44", "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.44" } ], "release_date": "2021-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine" }, { "cve": "CVE-2021-41766", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2046282" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Karaf. This issue allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX).", "title": "Vulnerability description" }, { "category": "summary", "text": "karaf: insecure java deserialization", "title": "Vulnerability summary" }, { "category": "other", "text": "The default JMX implementation is hardened against unauthenticated deserialization attacks. The implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes available within the target\u0027s classpath. Generally speaking, deserialization of untrusted data does represent a high-security risk and should be prevented. In this case, it\u0027s limited to classes system scoped classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-41766" }, { "category": "external", "summary": "RHBZ#2046282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046282" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41766", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41766" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41766", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41766" } ], "release_date": "2022-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "karaf: insecure java deserialization" }, { "cve": "CVE-2021-42340", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2021-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2014356" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Within Red Hat OpenStack Platform, Tomcat is provided as a component of OpenDaylight. This flaw will not receive a fix as OpenDaylight was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42340" }, { "category": "external", "summary": "RHBZ#2014356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014356" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42340", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42340" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42340" }, { "category": "external", "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12", "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12" }, { "category": "external", "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6", "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E", "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E" } ], "release_date": "2021-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS" }, { "cve": "CVE-2021-42550", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2033560" } ], "notes": [ { "category": "description", "text": "A flaw was found in the logback package. When using a specially-crafted configuration, this issue could allow a remote authenticated attacker to execute arbitrary code loaded from LDAP servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "logback: remote code execution through JNDI call from within its configuration file", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite shipped affected versions, however, it is not vulnerable because the product doesn\u0027t meet the conditions needed to perform the attack.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42550" }, { "category": "external", "summary": "RHBZ#2033560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033560" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42550", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42550", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42550" }, { "category": "external", "summary": "http://logback.qos.ch/news.html", "url": "http://logback.qos.ch/news.html" }, { "category": "external", "summary": "https://cve.report/CVE-2021-42550", "url": "https://cve.report/CVE-2021-42550" }, { "category": "external", "summary": "https://jira.qos.ch/browse/LOGBACK-1591", "url": "https://jira.qos.ch/browse/LOGBACK-1591" } ], "release_date": "2021-12-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "logback: remote code execution through JNDI call from within its configuration file" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2021-43859", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2049783" } ], "notes": [ { "category": "description", "text": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.", "title": "Vulnerability description" }, { "category": "summary", "text": "xstream: Injecting highly recursive collections or maps can cause a DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has rated this issue as having Moderate security impact and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43859" }, { "category": "external", "summary": "RHBZ#2049783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43859", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43859" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43859", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43859" } ], "release_date": "2022-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xstream: Injecting highly recursive collections or maps can cause a DoS" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-1259", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-04-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072339" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw occurs because of an incomplete fix for CVE-2021-3629.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1259" }, { "category": "external", "summary": "RHBZ#2072339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1259", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1259" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259" } ], "release_date": "2022-04-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-21724", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050863" } ], "notes": [ { "category": "description", "text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", "title": "Vulnerability summary" }, { "category": "other", "text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21724" }, { "category": "external", "summary": "RHBZ#2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", "url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes" }, { "cve": "CVE-2022-22932", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2046279" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Karaf obr:* command, where a partial path traversal issue allows a break out of the expected folder. This entry is set by the user.", "title": "Vulnerability description" }, { "category": "summary", "text": "karaf: path traversal flaws", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22932" }, { "category": "external", "summary": "RHBZ#2046279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046279" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22932", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22932" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22932", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22932" } ], "release_date": "2022-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "karaf: path traversal flaws" }, { "cve": "CVE-2022-22950", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2069414" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-expression: Denial of service via specially crafted SpEL expression", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22950" }, { "category": "external", "summary": "RHBZ#2069414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22950", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950" } ], "release_date": "2022-03-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "spring-expression: Denial of service via specially crafted SpEL expression" }, { "cve": "CVE-2022-22968", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2075441" } ], "notes": [ { "category": "description", "text": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: Data Binding Rules Vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22968" }, { "category": "external", "summary": "RHBZ#2075441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075441" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22968", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22968" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22968", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22968" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22968", "url": "https://tanzu.vmware.com/security/cve-2022-22968" } ], "release_date": "2022-04-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Framework: Data Binding Rules Vulnerability" }, { "cve": "CVE-2022-22970", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087272" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: DoS via data binding to multipartFile or servlet part", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22970" }, { "category": "external", "summary": "RHBZ#2087272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087272" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22970", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22970" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22970", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22970" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22970", "url": "https://tanzu.vmware.com/security/cve-2022-22970" } ], "release_date": "2022-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: DoS via data binding to multipartFile or servlet part" }, { "cve": "CVE-2022-22971", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087274" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: DoS with STOMP over WebSocket", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22971" }, { "category": "external", "summary": "RHBZ#2087274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087274" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22971", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22971" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22971", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22971" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22971", "url": "https://tanzu.vmware.com/security/cve-2022-22971" } ], "release_date": "2022-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: DoS with STOMP over WebSocket" }, { "cve": "CVE-2022-22976", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087214" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: BCrypt skips salt rounds for work factor of 31", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22976" }, { "category": "external", "summary": "RHBZ#2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22976", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22976", "url": "https://tanzu.vmware.com/security/cve-2022-22976" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: BCrypt skips salt rounds for work factor of 31" }, { "cve": "CVE-2022-22978", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-05-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087606" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Authorization Bypass in RegexRequestMatcher", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22978" }, { "category": "external", "summary": "RHBZ#2087606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22978", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22978" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22978", "url": "https://tanzu.vmware.com/security/cve-2022-22978" } ], "release_date": "2022-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: Authorization Bypass in RegexRequestMatcher" }, { "acknowledgments": [ { "names": [ "Trung Pham" ], "organization": "Viettel Cyber Security", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23181", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2022-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047417" } ], "notes": [ { "category": "description", "text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: local privilege escalation vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the `pki-servlet-engine` component. This component embeds a version of Tomcat which is not affected by this flaw, as it does not include the fix for CVE-2020-9484. Additionally, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of `pki-servlet-engine` outside of these contexts is not supported.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23181" }, { "category": "external", "summary": "RHBZ#2047417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047417" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23181", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23181" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23181", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23181" }, { "category": "external", "summary": "https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9", "url": "https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9" } ], "release_date": "2022-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: local privilege escalation vulnerability" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "cve": "CVE-2022-23596", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2049778" } ], "notes": [ { "category": "description", "text": "Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.", "title": "Vulnerability description" }, { "category": "summary", "text": "junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23596" }, { "category": "external", "summary": "RHBZ#2049778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049778" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23596", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23596" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23596", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23596" } ], "release_date": "2022-01-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24614", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2058763" } ], "notes": [ { "category": "description", "text": "When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.", "title": "Vulnerability description" }, { "category": "summary", "text": "metadata-extractor: Out-of-memory when reading a specially crafted JPEG file", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24614" }, { "category": "external", "summary": "RHBZ#2058763", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058763" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24614", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24614" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24614", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24614" } ], "release_date": "2022-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "metadata-extractor: Out-of-memory when reading a specially crafted JPEG file" }, { "cve": "CVE-2022-25845", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-06-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2100654" } ], "notes": [ { "category": "description", "text": "A flaw was found in com.alibaba:fastjson, a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions.", "title": "Vulnerability description" }, { "category": "summary", "text": "fastjson: autoType shutdown restriction bypass leads to deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25845" }, { "category": "external", "summary": "RHBZ#2100654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100654" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25845", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25845" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222", "url": "https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222" } ], "release_date": "2022-06-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "category": "workaround", "details": "Users who can not upgrade to the fixed version may enable safeMode; this completely disables the autoType function and eliminates the vulnerability risk. [https://github.com/alibaba/fastjson/wiki/fastjson_safemode]", "product_ids": [ "Red Hat Fuse 7.11" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "fastjson: autoType shutdown restriction bypass leads to deserialization" }, { "cve": "CVE-2022-26336", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063292" } ], "notes": [ { "category": "description", "text": "A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.", "title": "Vulnerability description" }, { "category": "summary", "text": "poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26336" }, { "category": "external", "summary": "RHBZ#2063292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063292" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26336", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26336" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26336", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26336" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception" }, { "cve": "CVE-2022-26520", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2022-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064007" } ], "notes": [ { "category": "description", "text": "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql-jdbc: Arbitrary File Write Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat informs that although there\u0027s a difference from NVD CVSSv3 score there\u0027s a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it\u0027s needed. This require non-default configuration and also it\u0027s not expected to allow an untrusted user to perform this kind of setting.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26520" }, { "category": "external", "summary": "RHBZ#2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26520", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "postgresql-jdbc: Arbitrary File Write Vulnerability" }, { "cve": "CVE-2022-30126", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2088523" } ], "notes": [ { "category": "description", "text": "In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0", "title": "Vulnerability description" }, { "category": "summary", "text": "tika-core: Regular Expression Denial of Service in standards extractor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30126" }, { "category": "external", "summary": "RHBZ#2088523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30126", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30126" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30126", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30126" } ], "release_date": "2022-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-07T14:19:49+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tika-core: Regular Expression Denial of Service in standards extractor" } ] }
rhsa-2022_4922
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4922", "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4922.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", "tracking": { "current_release_date": "2024-11-15T20:32:42+00:00", "generator": { "date": "2024-11-15T20:32:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:4922", "initial_release_date": "2022-06-06T15:11:31+00:00", "revision_history": [ { "date": "2022-06-06T15:11:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:11:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T20:32:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2022_7417
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7417", "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", "tracking": { "current_release_date": "2024-11-15T14:59:43+00:00", "generator": { "date": "2024-11-15T14:59:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7417", "initial_release_date": "2022-11-03T15:14:51+00:00", "revision_history": [ { "date": "2022-11-03T15:14:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T15:14:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T14:59:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6.1", "product": { "name": "Red Hat Single Sign-On 7.6.1", "product_id": "Red Hat Single Sign-On 7.6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022_8889
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Openshift Logging Bug Fix Release (5.3.14)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Openshift Logging Bug Fix Release (5.3.14)\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:8889", "url": "https://access.redhat.com/errata/RHSA-2022:8889" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "LOG-3293", "url": "https://issues.redhat.com/browse/LOG-3293" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8889.json" } ], "title": "Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update", "tracking": { "current_release_date": "2024-11-15T13:18:04+00:00", "generator": { "date": "2024-11-15T13:18:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:8889", "initial_release_date": "2022-12-08T17:25:26+00:00", "revision_history": [ { "date": "2022-12-08T17:25:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-12-08T17:25:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:18:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.3", "product": { "name": "OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.14-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.14-5" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-315" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-169" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-259" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-277" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-223" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-311" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.14-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.14-5" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-315" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-169" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-259" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-277" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-223" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-311" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.14-6" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.3.14-8" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.14-5" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.3.14-16" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-315" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-169" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-259" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-277" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-223" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-311" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T17:25:26+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8889" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T17:25:26+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8889" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:4022c2613b641f0dd53fbf781b33d5263efeeff6dc975f049f89268d4a27203b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:08b052122e0e9ba71d868ce2f383c15fd182697f6f799d4c1cabc4e6c4ed8e2b_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:5278f6ceb7cf08f63f1f00bbe64e9943483b5ad67e5bfc47f403d628ef7b5c99_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:e33176b1095d8cfef85ce2fd57c00aaf5ff57b0e45b40d29e098b5bf6bd8fc5b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:490cc7b81ffb47ec754496ff17f3dbaf394d251320bce734b9967b54721e42e3_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:a9e5746f32a57d1944611cf76b8d46a2eff29093e235a4206b48075e2f5d88e9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:f0284b01a99405d6e8ca32ed47699854e6ad50c41608f15bf10943b37b7a5657_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:0465cf31c274e2f7f10dd46f04304c6f27778f2135572de317b8f155e1fb269b_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:3ffd5a936688f02391ccccba3a4d866ef73faaa56d83a86b933f816ad1ae184a_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:d67a7aad2aa847bc07254c061fcb70c55e3bc47980e205ac5e3eea01ad256223_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:16fa20b470a5093e67cac615e27524ef14b19b54a14086ec5e5609ad602d0ea9_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9a16e58903172cdbcb7f14cb4d96ceda2c2e08715c5db5b9a2bd4f6e6c8b38_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:88ab4df69684f3c991dbae9b70fd6d09ab3564ced1a0b429728b87173013bc0f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:7972f8802bce8c221f23c8d4457086ebc7983705048b91594a28872e02d9b712_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:a4dc00a57c6b23ad158d54bd6952c81d5e17c7c2d5dcf5d32b23f8a042ba1f1e_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:e4ec4bb4b6b5dd18f3c965f3297e3634b5ce88c1ba03a489ab9867fb1bde42b7_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-12-08T17:25:26+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8889" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:e83fe48d828acd221dc2e8a3a80412d048bde4284ce315a87ec858ef8ecfd0eb_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:9e98d2f8c86586fc234a598bb758d093a54d1a29492b8e62e28e270bbdcd39eb_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:c2c40790e73aa8f974f7acce2950d5072eaa004edf68e596bd50d4dd40d7b9da_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:eb6796afba358e0b6ae7fb07509c62ed14e20210b790e3e0dbc8bd5a9cdba6d5_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:c0fcdb9108399184f0a564cfd8bfd0fbfe8ad8099d93af484a714b0475279300_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:db875aa219a98257e8c2a9a134b18a759603d56c17e92ac59e441a6e5b7c68d1_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:fabcbac5972b59c81ea0745fbfa2c4a5d4e097280c0758c11c5ad81e82fc09eb_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:2a1adbb46b40ffc3fd287e97317f5c8031df3deda6ed70650cc154cd650f4c31_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:3046aae638ca1ec48757c3ed8bef140aecd360eec7a1452311e48ddf42c64b50_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:aaf2c368d60d44d87262ab87f04504ea182a3dcd70826a5500c7f0eb14fa2b51_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" } ] }
rhsa-2023_2312
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:2312", "url": "https://access.redhat.com/errata/RHSA-2023:2312" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2312.json" } ], "title": "Red Hat Security Advisory: jackson security update", "tracking": { "current_release_date": "2024-11-15T07:37:47+00:00", "generator": { "date": "2024-11-15T07:37:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:2312", "initial_release_date": "2023-05-09T10:10:07+00:00", "revision_history": [ { "date": "2023-05-09T10:10:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-05-09T10:10:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:37:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "jackson-jaxrs-providers-0:2.14.1-2.el9.src", "product": { "name": "jackson-jaxrs-providers-0:2.14.1-2.el9.src", "product_id": "jackson-jaxrs-providers-0:2.14.1-2.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.14.1-2.el9?arch=src" } } }, { "category": "product_version", "name": "jackson-modules-base-0:2.14.1-2.el9.src", "product": { "name": "jackson-modules-base-0:2.14.1-2.el9.src", "product_id": "jackson-modules-base-0:2.14.1-2.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-modules-base@2.14.1-2.el9?arch=src" } } }, { "category": "product_version", "name": "jackson-databind-0:2.14.1-2.el9.src", "product": { "name": "jackson-databind-0:2.14.1-2.el9.src", "product_id": "jackson-databind-0:2.14.1-2.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-databind@2.14.1-2.el9?arch=src" } } }, { "category": "product_version", "name": "jackson-core-0:2.14.1-2.el9.src", "product": { "name": "jackson-core-0:2.14.1-2.el9.src", "product_id": "jackson-core-0:2.14.1-2.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-core@2.14.1-2.el9?arch=src" } } }, { "category": "product_version", "name": "jackson-annotations-0:2.14.1-1.el9.src", "product": { "name": "jackson-annotations-0:2.14.1-1.el9.src", "product_id": "jackson-annotations-0:2.14.1-1.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jackson-annotations@2.14.1-1.el9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch", "product": { "name": "pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch", "product_id": "pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-jackson-jaxrs-json-provider@2.14.1-2.el9?arch=noarch" } } }, { "category": "product_version", "name": "pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch", "product": { "name": "pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch", "product_id": "pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-jackson-jaxrs-providers@2.14.1-2.el9?arch=noarch" } } }, { "category": "product_version", "name": "pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch", "product": { "name": "pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch", "product_id": "pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-jackson-module-jaxb-annotations@2.14.1-2.el9?arch=noarch" } } }, { "category": "product_version", "name": "pki-jackson-databind-0:2.14.1-2.el9.noarch", "product": { "name": "pki-jackson-databind-0:2.14.1-2.el9.noarch", "product_id": "pki-jackson-databind-0:2.14.1-2.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-jackson-databind@2.14.1-2.el9?arch=noarch" } } }, { "category": "product_version", "name": "pki-jackson-core-0:2.14.1-2.el9.noarch", "product": { "name": "pki-jackson-core-0:2.14.1-2.el9.noarch", "product_id": "pki-jackson-core-0:2.14.1-2.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-jackson-core@2.14.1-2.el9?arch=noarch" } } }, { "category": "product_version", "name": "pki-jackson-annotations-0:2.14.1-1.el9.noarch", "product": { "name": "pki-jackson-annotations-0:2.14.1-1.el9.noarch", "product_id": "pki-jackson-annotations-0:2.14.1-1.el9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/pki-jackson-annotations@2.14.1-1.el9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jackson-annotations-0:2.14.1-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:jackson-annotations-0:2.14.1-1.el9.src" }, "product_reference": "jackson-annotations-0:2.14.1-1.el9.src", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-core-0:2.14.1-2.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:jackson-core-0:2.14.1-2.el9.src" }, "product_reference": "jackson-core-0:2.14.1-2.el9.src", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-databind-0:2.14.1-2.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:jackson-databind-0:2.14.1-2.el9.src" }, "product_reference": "jackson-databind-0:2.14.1-2.el9.src", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-jaxrs-providers-0:2.14.1-2.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:jackson-jaxrs-providers-0:2.14.1-2.el9.src" }, "product_reference": "jackson-jaxrs-providers-0:2.14.1-2.el9.src", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "jackson-modules-base-0:2.14.1-2.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:jackson-modules-base-0:2.14.1-2.el9.src" }, "product_reference": "jackson-modules-base-0:2.14.1-2.el9.src", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pki-jackson-annotations-0:2.14.1-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:pki-jackson-annotations-0:2.14.1-1.el9.noarch" }, "product_reference": "pki-jackson-annotations-0:2.14.1-1.el9.noarch", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pki-jackson-core-0:2.14.1-2.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:pki-jackson-core-0:2.14.1-2.el9.noarch" }, "product_reference": "pki-jackson-core-0:2.14.1-2.el9.noarch", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pki-jackson-databind-0:2.14.1-2.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:pki-jackson-databind-0:2.14.1-2.el9.noarch" }, "product_reference": "pki-jackson-databind-0:2.14.1-2.el9.noarch", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch" }, "product_reference": "pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch" }, "product_reference": "pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch", "relates_to_product_reference": "AppStream-9.2.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.2.0.GA:pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch" }, "product_reference": "pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch", "relates_to_product_reference": "AppStream-9.2.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.2.0.GA:jackson-annotations-0:2.14.1-1.el9.src", "AppStream-9.2.0.GA:jackson-core-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:jackson-jaxrs-providers-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:jackson-modules-base-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:pki-jackson-annotations-0:2.14.1-1.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-core-0:2.14.1-2.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.2.0.GA:jackson-databind-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:pki-jackson-databind-0:2.14.1-2.el9.noarch" ], "known_not_affected": [ "AppStream-9.2.0.GA:jackson-annotations-0:2.14.1-1.el9.src", "AppStream-9.2.0.GA:jackson-core-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:jackson-jaxrs-providers-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:jackson-modules-base-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:pki-jackson-annotations-0:2.14.1-1.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-core-0:2.14.1-2.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-jaxrs-json-provider-0:2.14.1-2.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-jaxrs-providers-0:2.14.1-2.el9.noarch", "AppStream-9.2.0.GA:pki-jackson-module-jaxb-annotations-0:2.14.1-2.el9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-09T10:10:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.2.0.GA:jackson-databind-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:pki-jackson-databind-0:2.14.1-2.el9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:2312" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.2.0.GA:jackson-databind-0:2.14.1-2.el9.src", "AppStream-9.2.0.GA:pki-jackson-databind-0:2.14.1-2.el9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" } ] }
rhsa-2022_6813
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6813", "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2041833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2076133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133" }, { "category": "external", "summary": "2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "2096966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966" }, { "category": "external", "summary": "2103584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2107994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6813.json" } ], "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update", "tracking": { "current_release_date": "2024-11-21T21:15:25+00:00", "generator": { "date": "2024-11-21T21:15:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6813", "initial_release_date": "2022-10-05T10:44:49+00:00", "revision_history": [ { "date": "2022-10-05T10:44:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-05T10:44:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T21:15:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHPAM 7.13.1 async", "product": { "name": "RHPAM 7.13.1 async", "product_id": "RHPAM 7.13.1 async", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" } } } ], "category": "product_family", "name": "Red Hat Process Automation Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7746", "discovery_date": "2020-10-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2096966" } ], "notes": [ { "category": "description", "text": "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object\u0027s keys that are being set are not checked, possibly allowing a prototype pollution.", "title": "Vulnerability description" }, { "category": "summary", "text": "chart.js: prototype pollution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7746" }, { "category": "external", "summary": "RHBZ#2096966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7746", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7746" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746" } ], "release_date": "2020-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chart.js: prototype pollution" }, { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-23436", "discovery_date": "2021-10-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041833" } ], "notes": [ { "category": "description", "text": "A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23436" }, { "category": "external", "summary": "RHBZ#2041833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23436", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436" } ], "release_date": "2021-09-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-0722", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2022-07-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2103584" } ], "notes": [ { "category": "description", "text": "A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0722" }, { "category": "external", "summary": "RHBZ#2103584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0722", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0722" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722" }, { "category": "external", "summary": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", "url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226" } ], "release_date": "2022-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url" }, { "cve": "CVE-2022-1365", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "discovery_date": "2022-04-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2076133" } ], "notes": [ { "category": "description", "text": "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.", "title": "Vulnerability description" }, { "category": "summary", "text": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1365" }, { "category": "external", "summary": "RHBZ#2076133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1365", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1365" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365" }, { "category": "external", "summary": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", "url": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/" } ], "release_date": "2022-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor" }, { "acknowledgments": [ { "names": [ "Paulino Calderon" ], "organization": "Websec" } ], "cve": "CVE-2022-1415", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2065505" } ], "notes": [ { "category": "description", "text": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "drools: unsafe data deserialization in StreamUtils", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1415" }, { "category": "external", "summary": "RHBZ#2065505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065505" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1415", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "drools: unsafe data deserialization in StreamUtils" }, { "cve": "CVE-2022-1650", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "discovery_date": "2022-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2085307" } ], "notes": [ { "category": "description", "text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.", "title": "Vulnerability description" }, { "category": "summary", "text": "eventsource: Exposure of Sensitive Information", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1650" }, { "category": "external", "summary": "RHBZ#2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1650" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650" }, { "category": "external", "summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", "url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e" } ], "release_date": "2022-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "eventsource: Exposure of Sensitive Information" }, { "cve": "CVE-2022-2458", "cwe": { "id": "CWE-91", "name": "XML Injection (aka Blind XPath Injection)" }, "discovery_date": "2022-07-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107994" } ], "notes": [ { "category": "description", "text": "An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application\u0027s processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.", "title": "Vulnerability description" }, { "category": "summary", "text": "Business-central: Possible XML External Entity Injection attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2458" }, { "category": "external", "summary": "RHBZ#2107994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2458", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2458" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458" } ], "release_date": "2022-07-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Business-central: Possible XML External Entity Injection attack" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-21724", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050863" } ], "notes": [ { "category": "description", "text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", "title": "Vulnerability summary" }, { "category": "other", "text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21724" }, { "category": "external", "summary": "RHBZ#2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", "url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24771", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067387" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestAlgorithm structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24771" }, { "category": "external", "summary": "RHBZ#2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery" }, { "cve": "CVE-2022-24772", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067458" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestInfo ASN.1 structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24772" }, { "category": "external", "summary": "RHBZ#2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "RHPAM 7.13.1 async" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-26520", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2022-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064007" } ], "notes": [ { "category": "description", "text": "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql-jdbc: Arbitrary File Write Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat informs that although there\u0027s a difference from NVD CVSSv3 score there\u0027s a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it\u0027s needed. This require non-default configuration and also it\u0027s not expected to allow an untrusted user to perform this kind of setting.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26520" }, { "category": "external", "summary": "RHBZ#2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26520", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql-jdbc: Arbitrary File Write Vulnerability" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-05T10:44:49+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" } ] }
wid-sec-w-2023-2700
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "kritisch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Confluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nBamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2700 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2700.json" }, { "category": "self", "summary": "WID-SEC-2023-2700 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2700" }, { "category": "external", "summary": "Atlassian Security Update vom 2023-10-17", "url": "https://confluence.atlassian.com/security/security-bulletin-october-17-2023-1299929380.html" }, { "category": "external", "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12", "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html" } ], "source_lang": "en-US", "title": "Atlassian Confluence: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-12-12T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:48:30.193+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2700", "initial_release_date": "2023-10-17T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-17T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-12T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.2.7", "product": { "name": "Atlassian Bamboo \u003c 9.2.7", "product_id": "1529586", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.2.7" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server", "product": { "name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server", "product_id": "T030667", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.2.5_data_center_and_server" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server", "product": { "name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server", "product_id": "T030668", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.1_data_center_and_server" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server", "product": { "name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server", "product_id": "T030669", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.3_data_center_and_server" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.3.5", "product": { "name": "Atlassian Bamboo \u003c 9.3.5", "product_id": "T031324", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.5" } } } ], "category": "product_name", "name": "Bamboo" }, { "branches": [ { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server", "product": { "name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server", "product_id": "T030666", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.13.1_data_center_and_server" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 7.21.18", "product": { "name": "Atlassian Bitbucket \u003c 7.21.18", "product_id": "T031325", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:7.21.18" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.9.7", "product": { "name": "Atlassian Bitbucket \u003c 8.9.7", "product_id": "T031614", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.9.7" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.11.6", "product": { "name": "Atlassian Bitbucket \u003c 8.11.6", "product_id": "T031615", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.11.6" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.12.4", "product": { "name": "Atlassian Bitbucket \u003c 8.12.4", "product_id": "T031616", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.12.4" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.13.3", "product": { "name": "Atlassian Bitbucket \u003c 8.13.3", "product_id": "T031617", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.13.3" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.14.2", "product": { "name": "Atlassian Bitbucket \u003c 8.14.2", "product_id": "T031618", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.14.2" } } } ], "category": "product_name", "name": "Bitbucket" }, { "branches": [ { "category": "product_name", "name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center", "product": { "name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center", "product_id": "T030660", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.3.3_server_and_data_center" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center", "product": { "name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center", "product_id": "T030662", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.5.2_server_and_data_center" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center", "product": { "name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center", "product_id": "T030663", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.4.3_server_and_data_center" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.3.4", "product": { "name": "Atlassian Confluence \u003c 8.3.4", "product_id": "T030846", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.3.4" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 7.19.17", "product": { "name": "Atlassian Confluence \u003c 7.19.17", "product_id": "T031609", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:7.19.17" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.4.5", "product": { "name": "Atlassian Confluence \u003c 8.4.5", "product_id": "T031610", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.4.5" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.5.4", "product": { "name": "Atlassian Confluence \u003c 8.5.4", "product_id": "T031611", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.5.4" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.6.2", "product": { "name": "Atlassian Confluence \u003c 8.6.2", "product_id": "T031612", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.6.2" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.7.1", "product": { "name": "Atlassian Confluence \u003c 8.7.1", "product_id": "T031613", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.7.1" } } } ], "category": "product_name", "name": "Confluence" }, { "branches": [ { "category": "product_name", "name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server", "product": { "name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server", "product_id": "T030664", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:4.20.27_service_management_data_center_and_server" } } }, { "category": "product_name", "name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server", "product": { "name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server", "product_id": "T030665", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:5.4.11_service_management_data_center_and_server" } } }, { "category": "product_name", "name": "Atlassian Jira Software \u003c 9.4.13", "product": { "name": "Atlassian Jira Software \u003c 9.4.13", "product_id": "T031606", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.4.13" } } }, { "category": "product_name", "name": "Atlassian Jira Software Service Management \u003c 4.20.28", "product": { "name": "Atlassian Jira Software Service Management \u003c 4.20.28", "product_id": "T031607", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28" } } }, { "category": "product_name", "name": "Atlassian Jira Software Service Management \u003c 5.4.12", "product": { "name": "Atlassian Jira Software Service Management \u003c 5.4.12", "product_id": "T031608", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12" } } } ], "category": "product_name", "name": "Jira Software" } ], "category": "vendor", "name": "Atlassian" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28709", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-28709" }, { "cve": "CVE-2023-25194", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-25194" }, { "cve": "CVE-2023-22515", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22515" }, { "cve": "CVE-2023-22514", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22514" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-45685", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-45685" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-41906", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-41906" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-3509", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-3509" }, { "cve": "CVE-2022-3171", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-3171" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2021-46877", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-46877" }, { "cve": "CVE-2021-31684", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-31684" }, { "cve": "CVE-2021-22569", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-22569" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-13936", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2020-13936" }, { "cve": "CVE-2019-13990", "notes": [ { "category": "description", "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T031324", "T031610", "T031612", "T031325", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2019-13990" } ] }
wid-sec-w-2023-1807
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1807 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1807.json" }, { "category": "self", "summary": "WID-SEC-2023-1807 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1807" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Fusion Middleware vom 2023-07-18", "url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixFMW" }, { "category": "external", "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23", "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=" } ], "source_lang": "en-US", "title": "Oracle Fusion Middleware: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-12-26T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:37:19.280+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1807", "initial_release_date": "2023-07-18T22:00:00.000+00:00", "revision_history": [ { "date": "2023-07-18T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-26T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Dell aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Fusion Middleware 12.2.1.3.0", "product": { "name": "Oracle Fusion Middleware 12.2.1.3.0", "product_id": "618028", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware 12.2.1.4.0", "product_id": "751674", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 14.1.1.0.0", "product": { "name": "Oracle Fusion Middleware 14.1.1.0.0", "product_id": "829576", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 9.1.0", "product": { "name": "Oracle Fusion Middleware 9.1.0", "product_id": "T022847", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:9.1.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware \u003c 11.1.2.3.1", "product": { "name": "Oracle Fusion Middleware \u003c 11.1.2.3.1", "product_id": "T028708", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:11.1.2.3.1" } } } ], "category": "product_name", "name": "Fusion Middleware" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-26119", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-26119" }, { "cve": "CVE-2023-26049", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-26049" }, { "cve": "CVE-2023-25690", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-25690" }, { "cve": "CVE-2023-25194", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-25194" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-23914", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-23914" }, { "cve": "CVE-2023-22899", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-22899" }, { "cve": "CVE-2023-22040", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-22040" }, { "cve": "CVE-2023-22031", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-22031" }, { "cve": "CVE-2023-21994", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-21994" }, { "cve": "CVE-2023-20863", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-20863" }, { "cve": "CVE-2023-20861", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-20861" }, { "cve": "CVE-2023-20860", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-20860" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-1436" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-45047", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-45047" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-42920", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-42920" }, { "cve": "CVE-2022-42890", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-42890" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-41853", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-41853" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-36033", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-36033" }, { "cve": "CVE-2022-33879", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-33879" }, { "cve": "CVE-2022-31197", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-31197" }, { "cve": "CVE-2022-29546", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-29546" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2022-24409", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-24409" }, { "cve": "CVE-2022-23437", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2022-23437" }, { "cve": "CVE-2021-46877", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-46877" }, { "cve": "CVE-2021-43113", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-43113" }, { "cve": "CVE-2021-42575", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-42575" }, { "cve": "CVE-2021-41184", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-41184" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-4104" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-36090", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-36090" }, { "cve": "CVE-2021-34429", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-34429" }, { "cve": "CVE-2021-33813", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-33813" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-28168", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-28168" }, { "cve": "CVE-2021-26117", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-26117" }, { "cve": "CVE-2021-23926", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2021-23926" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-17521", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2020-17521" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2020-13956" }, { "cve": "CVE-2020-13936", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T022847", "618028", "751674", "829576" ] }, "release_date": "2023-07-18T22:00:00Z", "title": "CVE-2020-13936" } ] }
wid-sec-w-2022-1950
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1950 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1950.json" }, { "category": "self", "summary": "WID-SEC-2022-1950 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1950" }, { "category": "external", "summary": "psytester Blog vom 2022-12-27", "url": "https://psytester.github.io/CVE-2022-43571_SPLUNK_RCE/" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1112.html" }, { "category": "external", "summary": "Splunk Security Advisory vom 2022-11-02", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1113.html" } ], "source_lang": "en-US", "title": "Splunk Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2022-12-27T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:02:28.430+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1950", "initial_release_date": "2022-11-02T23:00:00.000+00:00", "revision_history": [ { "date": "2022-11-02T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-11-03T23:00:00.000+00:00", "number": "2", "summary": "Schreibfehler korrigiert" }, { "date": "2022-12-27T23:00:00.000+00:00", "number": "3", "summary": "PoC f\u00fcr CVE-2022-43571 aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Splunk Splunk Enterprise \u003c 8.1.12", "product": { "name": "Splunk Splunk Enterprise \u003c 8.1.12", "product_id": "T025214", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.1.12" } } }, { "category": "product_name", "name": "Splunk Splunk Enterprise \u003c 8.2.9", "product": { "name": "Splunk Splunk Enterprise \u003c 8.2.9", "product_id": "T025215", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.2.9" } } }, { "category": "product_name", "name": "Splunk Splunk Enterprise \u003c 9.0.2", "product": { "name": "Splunk Splunk Enterprise \u003c 9.0.2", "product_id": "T025216", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.0.2" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2022-43561", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43561" }, { "cve": "CVE-2022-43562", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43562" }, { "cve": "CVE-2022-43563", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43563" }, { "cve": "CVE-2022-43564", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43564" }, { "cve": "CVE-2022-43565", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43565" }, { "cve": "CVE-2022-43566", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43566" }, { "cve": "CVE-2022-43567", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43567" }, { "cve": "CVE-2022-43568", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43568" }, { "cve": "CVE-2022-43569", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43569" }, { "cve": "CVE-2022-43570", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43570" }, { "cve": "CVE-2022-43571", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43571" }, { "cve": "CVE-2022-43572", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Code zur Ausf\u00fchrung zu bringen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Daten zu manipulieren oder einen Denial of Service zu verursachen. Zur Ausnutzung einiger Schwachstellen ist eine Interaktion des Opfers notwendig." } ], "release_date": "2022-11-02T23:00:00Z", "title": "CVE-2022-43572" } ] }
wid-sec-w-2022-1375
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1375 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json" }, { "category": "self", "summary": "WID-SEC-2022-1375 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14", "url": "https://access.redhat.com/errata/RHSA-2023:5165" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities vom 2022-09-11", "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities", "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5776-1 vom 2022-12-13", "url": "https://ubuntu.com/security/notices/USN-5776-1" } ], "source_lang": "en-US", "title": "JFrog Artifactory: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-09-14T22:00:00.000+00:00", "generator": { "date": "2024-02-15T16:58:09.779+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1375", "initial_release_date": "2022-09-11T22:00:00.000+00:00", "revision_history": [ { "date": "2022-09-11T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-10-03T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates aufgenommen" }, { "date": "2022-10-04T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-12T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-12-20T23:00:00.000+00:00", "number": "5", "summary": "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE" }, { "date": "2023-09-14T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "6" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "JFrog Artifactory", "product": { "name": "JFrog Artifactory", "product_id": "T024527", "product_identification_helper": { "cpe": "cpe:/a:jfrog:artifactory:-" } } }, { "category": "product_name", "name": "JFrog Artifactory \u003c 7.46.3", "product": { "name": "JFrog Artifactory \u003c 7.46.3", "product_id": "T024764", "product_identification_helper": { "cpe": "cpe:/a:jfrog:artifactory:7.46.3" } } } ], "category": "product_name", "name": "Artifactory" } ], "category": "vendor", "name": "JFrog" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4517", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2013-4517" }, { "cve": "CVE-2013-7285", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2013-7285" }, { "cve": "CVE-2014-0107", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-0107" }, { "cve": "CVE-2014-0114", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-0114" }, { "cve": "CVE-2014-3577", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-3577" }, { "cve": "CVE-2014-3623", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2014-3623" }, { "cve": "CVE-2015-0227", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-0227" }, { "cve": "CVE-2015-2575", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-2575" }, { "cve": "CVE-2015-3253", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-3253" }, { "cve": "CVE-2015-4852", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-4852" }, { "cve": "CVE-2015-7940", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2015-7940" }, { "cve": "CVE-2016-10750", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-10750" }, { "cve": "CVE-2016-3092", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-3092" }, { "cve": "CVE-2016-3674", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-3674" }, { "cve": "CVE-2016-6501", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-6501" }, { "cve": "CVE-2016-8735", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-8735" }, { "cve": "CVE-2016-8745", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2016-8745" }, { "cve": "CVE-2017-1000487", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-1000487" }, { "cve": "CVE-2017-15095", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-15095" }, { "cve": "CVE-2017-17485", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-17485" }, { "cve": "CVE-2017-18214", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-18214" }, { "cve": "CVE-2017-18640", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-18640" }, { "cve": "CVE-2017-7525", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-7525" }, { "cve": "CVE-2017-7657", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-7657" }, { "cve": "CVE-2017-7957", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-7957" }, { "cve": "CVE-2017-9506", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2017-9506" }, { "cve": "CVE-2018-1000206", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2018-1000206" }, { "cve": "CVE-2018-9116", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2018-9116" }, { "cve": "CVE-2019-10219", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-10219" }, { "cve": "CVE-2019-12402", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-12402" }, { "cve": "CVE-2019-17359", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-17359" }, { "cve": "CVE-2019-17571", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-17571" }, { "cve": "CVE-2019-20104", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2019-20104" }, { "cve": "CVE-2020-11996", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-11996" }, { "cve": "CVE-2020-13934", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-13934" }, { "cve": "CVE-2020-13935", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-13935" }, { "cve": "CVE-2020-13949", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-13949" }, { "cve": "CVE-2020-14340", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-14340" }, { "cve": "CVE-2020-15586", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-15586" }, { "cve": "CVE-2020-1745", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-1745" }, { "cve": "CVE-2020-17521", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-17521" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-28500", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-28500" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-7226", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-7226" }, { "cve": "CVE-2020-7692", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-7692" }, { "cve": "CVE-2020-8203", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2020-8203" }, { "cve": "CVE-2021-13936", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-13936" }, { "cve": "CVE-2021-21290", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-21290" }, { "cve": "CVE-2021-22060", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22060" }, { "cve": "CVE-2021-22112", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22112" }, { "cve": "CVE-2021-22119", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22119" }, { "cve": "CVE-2021-22147", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22147" }, { "cve": "CVE-2021-22148", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22148" }, { "cve": "CVE-2021-22149", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22149" }, { "cve": "CVE-2021-22573", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-22573" }, { "cve": "CVE-2021-23337", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-23337" }, { "cve": "CVE-2021-25122", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-25122" }, { "cve": "CVE-2021-26291", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-26291" }, { "cve": "CVE-2021-27568", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-27568" }, { "cve": "CVE-2021-29505", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-29505" }, { "cve": "CVE-2021-30129", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-30129" }, { "cve": "CVE-2021-33037", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-33037" }, { "cve": "CVE-2021-35550", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35550" }, { "cve": "CVE-2021-35556", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35556" }, { "cve": "CVE-2021-35560", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35560" }, { "cve": "CVE-2021-35561", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35561" }, { "cve": "CVE-2021-35564", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35564" }, { "cve": "CVE-2021-35565", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35565" }, { "cve": "CVE-2021-35567", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35567" }, { "cve": "CVE-2021-35578", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35578" }, { "cve": "CVE-2021-35586", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35586" }, { "cve": "CVE-2021-35588", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35588" }, { "cve": "CVE-2021-35603", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-35603" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-3765", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-3765" }, { "cve": "CVE-2021-3807", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-3807" }, { "cve": "CVE-2021-38561", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-38561" }, { "cve": "CVE-2021-3859", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-3859" }, { "cve": "CVE-2021-41090", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-41090" }, { "cve": "CVE-2021-41091", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-41091" }, { "cve": "CVE-2021-42340", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-42340" }, { "cve": "CVE-2021-42550", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-42550" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2021-43797" }, { "cve": "CVE-2022-0536", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-0536" }, { "cve": "CVE-2022-22963", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-22963" }, { "cve": "CVE-2022-23632", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-23632" }, { "cve": "CVE-2022-23648", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-23648" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-24769", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-24769" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-29153", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-29153" }, { "cve": "CVE-2022-32212", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32212" }, { "cve": "CVE-2022-32213", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32213" }, { "cve": "CVE-2022-32214", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32214" }, { "cve": "CVE-2022-32215", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32215" }, { "cve": "CVE-2022-32223", "notes": [ { "category": "description", "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T024527", "67646", "T000126", "T024764" ] }, "release_date": "2022-09-11T22:00:00Z", "title": "CVE-2022-32223" } ] }
wid-sec-w-2023-2993
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2993 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2993.json" }, { "category": "self", "summary": "WID-SEC-2023-2993 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2993" }, { "category": "external", "summary": "Atlassian Security Bulletin vom 2023-11-21", "url": "https://confluence.atlassian.com/security/security-bulletin-november-21-2023-1318881573.html" }, { "category": "external", "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12", "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html" } ], "source_lang": "en-US", "title": "Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-12-12T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:52:18.317+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2993", "initial_release_date": "2023-11-21T23:00:00.000+00:00", "revision_history": [ { "date": "2023-11-21T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-11-23T23:00:00.000+00:00", "number": "2", "summary": "Bewertung angepasst" }, { "date": "2023-12-12T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.2.7", "product": { "name": "Atlassian Bamboo \u003c 9.2.7", "product_id": "1529586", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.2.7" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.2.7", "product": { "name": "Atlassian Bamboo \u003c 9.2.7", "product_id": "T031322", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.2.7" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.3.4", "product": { "name": "Atlassian Bamboo \u003c 9.3.4", "product_id": "T031323", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.4" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.3.5", "product": { "name": "Atlassian Bamboo \u003c 9.3.5", "product_id": "T031324", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.5" } } } ], "category": "product_name", "name": "Bamboo" }, { "branches": [ { "category": "product_name", "name": "Atlassian Bitbucket \u003c 7.21.18", "product": { "name": "Atlassian Bitbucket \u003c 7.21.18", "product_id": "T031325", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:7.21.18" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.9.7", "product": { "name": "Atlassian Bitbucket \u003c 8.9.7", "product_id": "T031614", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.9.7" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.11.6", "product": { "name": "Atlassian Bitbucket \u003c 8.11.6", "product_id": "T031615", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.11.6" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.12.4", "product": { "name": "Atlassian Bitbucket \u003c 8.12.4", "product_id": "T031616", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.12.4" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.13.3", "product": { "name": "Atlassian Bitbucket \u003c 8.13.3", "product_id": "T031617", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.13.3" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.14.2", "product": { "name": "Atlassian Bitbucket \u003c 8.14.2", "product_id": "T031618", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.14.2" } } } ], "category": "product_name", "name": "Bitbucket" }, { "branches": [ { "category": "product_name", "name": "Atlassian Confluence \u003c 8.3.4", "product": { "name": "Atlassian Confluence \u003c 8.3.4", "product_id": "T030846", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.3.4" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.6.1", "product": { "name": "Atlassian Confluence \u003c 8.6.1", "product_id": "T031326", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.6.1" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 7.19.17", "product": { "name": "Atlassian Confluence \u003c 7.19.17", "product_id": "T031609", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:7.19.17" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.4.5", "product": { "name": "Atlassian Confluence \u003c 8.4.5", "product_id": "T031610", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.4.5" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.5.4", "product": { "name": "Atlassian Confluence \u003c 8.5.4", "product_id": "T031611", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.5.4" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.6.2", "product": { "name": "Atlassian Confluence \u003c 8.6.2", "product_id": "T031612", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.6.2" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.7.1", "product": { "name": "Atlassian Confluence \u003c 8.7.1", "product_id": "T031613", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.7.1" } } } ], "category": "product_name", "name": "Confluence" }, { "branches": [ { "category": "product_name", "name": "Atlassian Jira Software \u003c 9.11.3", "product": { "name": "Atlassian Jira Software \u003c 9.11.3", "product_id": "T031327", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.11.3" } } }, { "category": "product_name", "name": "Atlassian Jira Software \u003c 9.4.13", "product": { "name": "Atlassian Jira Software \u003c 9.4.13", "product_id": "T031606", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.4.13" } } }, { "category": "product_name", "name": "Atlassian Jira Software Service Management \u003c 4.20.28", "product": { "name": "Atlassian Jira Software Service Management \u003c 4.20.28", "product_id": "T031607", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28" } } }, { "category": "product_name", "name": "Atlassian Jira Software Service Management \u003c 5.4.12", "product": { "name": "Atlassian Jira Software Service Management \u003c 5.4.12", "product_id": "T031608", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12" } } } ], "category": "product_name", "name": "Jira Software" } ], "category": "vendor", "name": "Atlassian" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-42794", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2023-42794" }, { "cve": "CVE-2023-34396", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2023-34396" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-22521", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2023-22521" }, { "cve": "CVE-2023-22516", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2023-22516" }, { "cve": "CVE-2022-45143", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-45143" }, { "cve": "CVE-2022-42890", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-42890" }, { "cve": "CVE-2022-42252", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-42252" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-41704", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-41704" }, { "cve": "CVE-2022-40146", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-40146" }, { "cve": "CVE-2022-28366", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-28366" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2021-46877", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2021-46877" }, { "cve": "CVE-2021-40690", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2021-40690" }, { "cve": "CVE-2021-37714", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2021-37714" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2021-28165" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2017-9735", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2017-9735" }, { "cve": "CVE-2017-7656", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00Z", "title": "CVE-2017-7656" } ] }
wid-sec-w-2023-2676
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle f\u00fcr Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2676 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2676.json" }, { "category": "self", "summary": "WID-SEC-2023-2676 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2676" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Enterprise Manager vom 2023-10-17", "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixEM" } ], "source_lang": "en-US", "title": "Oracle Enterprise Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-17T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:48:10.582+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2676", "initial_release_date": "2023-10-17T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-17T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Enterprise Manager 12.4.0.0", "product": { "name": "Oracle Enterprise Manager 12.4.0.0", "product_id": "T018973", "product_identification_helper": { "cpe": "cpe:/a:oracle:enterprise_manager:12.4.0.0" } } }, { "category": "product_name", "name": "Oracle Enterprise Manager 13.3.0.1", "product": { "name": "Oracle Enterprise Manager 13.3.0.1", "product_id": "T018974", "product_identification_helper": { "cpe": "cpe:/a:oracle:enterprise_manager:13.3.0.1" } } }, { "category": "product_name", "name": "Oracle Enterprise Manager 13.5.0.0", "product": { "name": "Oracle Enterprise Manager 13.5.0.0", "product_id": "T020692", "product_identification_helper": { "cpe": "cpe:/a:oracle:enterprise_manager:13.5.0.0" } } }, { "category": "product_name", "name": "Oracle Enterprise Manager 13.5.1.1", "product": { "name": "Oracle Enterprise Manager 13.5.1.1", "product_id": "T022832", "product_identification_helper": { "cpe": "cpe:/a:oracle:enterprise_manager:13.5.1.1" } } } ], "category": "product_name", "name": "Enterprise Manager" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-23914", "notes": [ { "category": "description", "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018973", "T018974", "T022832", "T020692" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-23914" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018973", "T018974", "T022832", "T020692" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018973", "T018974", "T022832", "T020692" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2021-40690", "notes": [ { "category": "description", "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018973", "T018974", "T022832", "T020692" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-40690" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018973", "T018974", "T022832", "T020692" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2020-36518" } ] }
wid-sec-w-2023-0027
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0027 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0027.json" }, { "category": "self", "summary": "WID-SEC-2023-0027 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0027" }, { "category": "external", "summary": "IBM Security Bulletin 6958056 vom 2023-02-24", "url": "https://www.ibm.com/support/pages/node/6958056" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-01-04", "url": "https://www.ibm.com/support/pages/node/6852633" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-01-04", "url": "https://www.ibm.com/support/pages/node/6852613" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-01-04", "url": "https://www.ibm.com/support/pages/node/6852611" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-01-04", "url": "https://www.ibm.com/support/pages/node/6852609" } ], "source_lang": "en-US", "title": "IBM Tivoli Network Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-02-23T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:08:37.524+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0027", "initial_release_date": "2023-01-04T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-04T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-02-23T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Tivoli Network Manager \u003c= 4.2.0.15", "product": { "name": "IBM Tivoli Network Manager \u003c= 4.2.0.15", "product_id": "T024051", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0.15" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager 4.2.0", "product": { "name": "IBM Tivoli Network Manager 4.2.0", "product_id": "T025751", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0" } } } ], "category": "product_name", "name": "Tivoli Network Manager" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-2048", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2022-2048" }, { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2021-41033", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2021-41033" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-11987", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2020-11987" }, { "cve": "CVE-2019-17566", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2019-17566" }, { "cve": "CVE-2018-8013", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2018-8013" }, { "cve": "CVE-2017-5662", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2017-5662" }, { "cve": "CVE-2016-3506", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2016-3506" }, { "cve": "CVE-2015-0250", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2015-0250" }, { "cve": "CVE-2009-4521", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2009-4521" }, { "cve": "CVE-2009-4269", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2009-4269" }, { "cve": "CVE-2007-2378", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen in verschiedenen Komponenten von Drittanbietern wie Google Web Toolkit, Eclipse BIRT, Apache Batik, Apache Derby, Eclipse Equinox, FasterXML jackson-databind, Eclipse Jetty, Netty und JDBC. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und nicht spezifizierte Auswirkungen zu verursachen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T025751" ], "last_affected": [ "T024051" ] }, "release_date": "2023-01-04T23:00:00Z", "title": "CVE-2007-2378" } ] }
wid-sec-w-2023-0139
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Commerce ist eine elektronische Handelsplattform.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0139 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0139.json" }, { "category": "self", "summary": "WID-SEC-2023-0139 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0139" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Commerce vom 2023-01-17", "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOCOM" } ], "source_lang": "en-US", "title": "Oracle Commerce: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-01-17T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:10:40.808+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0139", "initial_release_date": "2023-01-17T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-17T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Commerce 11.3.2", "product": { "name": "Oracle Commerce 11.3.2", "product_id": "T018933", "product_identification_helper": { "cpe": "cpe:/a:oracle:commerce:11.3.2" } } } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-22965", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018933" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2022-22965" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T018933" ] }, "release_date": "2023-01-17T23:00:00Z", "title": "CVE-2020-36518" } ] }
wid-sec-w-2022-0607
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Fuse ist eine Open-Source-Integrationsplattform, die auf Apache Camel basiert.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat FUSE ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0607 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0607.json" }, { "category": "self", "summary": "WID-SEC-2022-0607 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0607" }, { "category": "external", "summary": "RHSA-2022:5532 - Security Advisory vom 2022-07-07", "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5596 vom 2022-07-20", "url": "https://access.redhat.com/errata/RHSA-2022:5596" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-125 vom 2022-07-28", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-125/index.html" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-124 vom 2022-07-28", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-124/index.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5196 vom 2022-07-31", "url": "https://lists.debian.org/debian-security-announce/2022/msg00165.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5903 vom 2022-08-04", "url": "https://access.redhat.com/errata/RHSA-2022:5903" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6787 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6783 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6822 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6822" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6823 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6823" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6825 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6825" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6821 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6821" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6813 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06", "url": "https://access.redhat.com/errata/RHSA-2022:6835" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20221014-0006 vom 2022-10-14", "url": "https://security.netapp.com/advisory/ntap-20221014-0006/" }, { "category": "external", "summary": "IBM Security Bulletin 6831855 vom 2022-10-26", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-14/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7177 vom 2022-10-25", "url": "https://access.redhat.com/errata/RHSA-2022:7177" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7257 vom 2022-10-29", "url": "https://access.redhat.com/errata/RHSA-2022:7257" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-135 vom 2022-11-01", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-135/index.html" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-137 vom 2022-11-01", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-137/index.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7417 vom 2022-11-03", "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7409 vom 2022-11-03", "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7411 vom 2022-11-03", "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7410 vom 2022-11-03", "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7896 vom 2022-11-09", "url": "https://access.redhat.com/errata/RHSA-2022:7896" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8761 vom 2022-12-14", "url": "https://access.redhat.com/errata/RHSA-2022:8761" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0272 vom 2023-02-06", "url": "https://access.redhat.com/errata/RHSA-2023:0272" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03", "url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-=" }, { "category": "external", "summary": "IBM Security Bulletin 7144861 vom 2024-03-20", "url": "https://www.ibm.com/support/pages/node/7144861" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3061 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:3061" } ], "source_lang": "en-US", "title": "Red Hat FUSE: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-21T22:00:00.000+00:00", "generator": { "date": "2024-05-22T09:10:48.527+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0607", "initial_release_date": "2022-07-07T22:00:00.000+00:00", "revision_history": [ { "date": "2022-07-07T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-07-19T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-07-28T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2022-07-31T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-08-03T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-04T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-05T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-06T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-16T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von NetApp aufgenommen" }, { "date": "2022-10-25T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von IBM und Red Hat aufgenommen" }, { "date": "2022-10-30T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-31T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2022-11-03T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-09T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-14T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-06T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-04T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2024-03-20T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "19" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "EMC Avamar", "product": { "name": "EMC Avamar", "product_id": "T014381", "product_identification_helper": { "cpe": "cpe:/a:emc:avamar:-" } } } ], "category": "vendor", "name": "EMC" }, { "branches": [ { "category": "product_name", "name": "Hitachi Ops Center", "product": { "name": "Hitachi Ops Center", "product_id": "T017562", "product_identification_helper": { "cpe": "cpe:/a:hitachi:ops_center:-" } } } ], "category": "vendor", "name": "Hitachi" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "7.5", "product": { "name": "IBM QRadar SIEM 7.5", "product_id": "T022954", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5" } } }, { "category": "product_version", "name": "7.4", "product": { "name": "IBM QRadar SIEM 7.4", "product_id": "T024775", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.4" } } } ], "category": "product_name", "name": "QRadar SIEM" }, { "branches": [ { "category": "product_version", "name": "Plus 10.1", "product": { "name": "IBM Spectrum Protect Plus 10.1", "product_id": "T015895", "product_identification_helper": { "cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1" } } } ], "category": "product_name", "name": "Spectrum Protect" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "658714", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c7.11.0", "product": { "name": "Red Hat FUSE \u003c7.11.0", "product_id": "723344", "product_identification_helper": { "cpe": "cpe:/a:redhat:fuse:6.0.0" } } } ], "category": "product_name", "name": "FUSE" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-15250", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2020-15250" }, { "cve": "CVE-2020-25689", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2020-25689" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-7020", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2020-7020" }, { "cve": "CVE-2020-9484", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2020-9484" }, { "cve": "CVE-2021-22060", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-22060" }, { "cve": "CVE-2021-22096", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-22096" }, { "cve": "CVE-2021-22119", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-22119" }, { "cve": "CVE-2021-22569", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-22569" }, { "cve": "CVE-2021-22573", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-22573" }, { "cve": "CVE-2021-24122", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-24122" }, { "cve": "CVE-2021-2471", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-2471" }, { "cve": "CVE-2021-25122", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-25122" }, { "cve": "CVE-2021-25329", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-25329" }, { "cve": "CVE-2021-29505", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-29505" }, { "cve": "CVE-2021-30640", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-30640" }, { "cve": "CVE-2021-33037", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-33037" }, { "cve": "CVE-2021-33813", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-33813" }, { "cve": "CVE-2021-35515", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-35515" }, { "cve": "CVE-2021-35516", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-35516" }, { "cve": "CVE-2021-35517", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-35517" }, { "cve": "CVE-2021-36090", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-36090" }, { "cve": "CVE-2021-3629", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-3629" }, { "cve": "CVE-2021-3642", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-3642" }, { "cve": "CVE-2021-3644", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-3644" }, { "cve": "CVE-2021-3807", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-3807" }, { "cve": "CVE-2021-38153", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-38153" }, { "cve": "CVE-2021-3859", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-3859" }, { "cve": "CVE-2021-40690", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-40690" }, { "cve": "CVE-2021-41079", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-41079" }, { "cve": "CVE-2021-41766", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-41766" }, { "cve": "CVE-2021-4178", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-4178" }, { "cve": "CVE-2021-42340", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-42340" }, { "cve": "CVE-2021-42550", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-42550" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-43797" }, { "cve": "CVE-2021-43859", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2021-43859" }, { "cve": "CVE-2022-0084", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-0084" }, { "cve": "CVE-2022-1259", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-1259" }, { "cve": "CVE-2022-1319", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-1319" }, { "cve": "CVE-2022-21363", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-21363" }, { "cve": "CVE-2022-21724", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-21724" }, { "cve": "CVE-2022-22932", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-22932" }, { "cve": "CVE-2022-22950", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-22950" }, { "cve": "CVE-2022-22968", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-22968" }, { "cve": "CVE-2022-22970", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-22970" }, { "cve": "CVE-2022-22971", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-22971" }, { "cve": "CVE-2022-22976", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-22976" }, { "cve": "CVE-2022-22978", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-22978" }, { "cve": "CVE-2022-23181", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-23181" }, { "cve": "CVE-2022-23221", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-23221" }, { "cve": "CVE-2022-23596", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-23596" }, { "cve": "CVE-2022-23913", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-23913" }, { "cve": "CVE-2022-24614", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-24614" }, { "cve": "CVE-2022-25845", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-25845" }, { "cve": "CVE-2022-26336", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-26336" }, { "cve": "CVE-2022-26520", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-26520" }, { "cve": "CVE-2022-30126", "notes": [ { "category": "description", "text": "In Red Hat FUSE existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Elasticsearch, Apache Tomcat, JUnit4, WildFly, JetBrains Kotlin, Jackson Databind, MySQL, Undertow, Node.js, Fabric 8 Kubernetes, Spring Framework, XStream, JDOM, Apache Commons, Apache Kafka, Apache Santuario, Apache Karaf, Netty, XNIO, PostgreSQL, Spring Security, H2 Console, Junrar, ActiveMQ Artemis, fast JSON, Apache POI, Postgres JDBC und Apache Tika. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Sicherheitsl\u00fccken erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte." } ], "product_status": { "known_affected": [ "T022954", "T014381", "2951", "67646", "T024775", "658714", "T015895", "T017562" ] }, "release_date": "2022-07-07T22:00:00Z", "title": "CVE-2022-30126" } ] }
wid-sec-w-2022-0360
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Jackson ist eine quelloffene Bibliothek zur JSON-Verarbeitung in Java.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FasterXML Jackson ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0360 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0360.json" }, { "category": "self", "summary": "WID-SEC-2022-0360 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0360" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1678-1 vom 2022-05-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011022.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5101 vom 2022-06-16", "url": "https://access.redhat.com/errata/RHSA-2022:5101" }, { "category": "external", "summary": "National Vulnerability Database vom 2022-05-02", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "Debian Security Advisory vom 2022-05-02", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "category": "external", "summary": "Fix vom 2022-05-02", "url": "https://github.com/FasterXML/jackson-databind/issues/2816" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20220506-0004 vom 2022-05-06", "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:2232 vom 2022-05-12", "url": "https://access.redhat.com/errata/RHSA-2022:2232" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5029 vom 2022-06-23", "url": "https://access.redhat.com/errata/RHSA-2022:5029" }, { "category": "external", "summary": "IBM Security Bulletin 6603665 vom 2022-07-15", "url": "https://www.ibm.com/support/pages/node/6603665" }, { "category": "external", "summary": "IBM Security Bulletin 6603415 vom 2022-07-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-fasterxml-jackson-databind-vulnerabilities-cve-2020-36518/" }, { "category": "external", "summary": "HCL Article KB0099669 vom 2022-08-13", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099669" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6407 vom 2022-09-09", "url": "https://access.redhat.com/errata/RHSA-2022:6407" }, { "category": "external", "summary": "Dell Security Advisory DSA-2022-192 vom 2022-09-20", "url": "https://www.dell.com/support/kbdoc/de-de/000201505/dsa-2022-192-dell-emc-data-protection-central-security-update-for-multiple-vulnerabilities" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities", "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6787 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6783 vom 2022-10-04", "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6819 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6819" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6813 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7410 vom 2022-11-03", "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7409 vom 2022-11-03", "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7417 vom 2022-11-03", "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7435 vom 2022-11-16", "url": "https://access.redhat.com/errata/RHSA-2022:7435" }, { "category": "external", "summary": "Debian Security Advisory DSA-5283 vom 2022-11-17", "url": "https://www.debian.org/security/2022/dsa-5283" }, { "category": "external", "summary": "Debian Security Advisory DLA-3207 vom 2022-11-27", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8781 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8781" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8889 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8889" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0264 vom 2023-01-19", "url": "https://access.redhat.com/errata/RHSA-2023:0264" }, { "category": "external", "summary": "Dell Knowledge Base Article", "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities" }, { "category": "external", "summary": "IBM Security Bulletin 6987827 vom 2023-05-02", "url": "https://www.ibm.com/support/pages/node/6987827" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2312 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2312" }, { "category": "external", "summary": "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23", "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-103 vom 2024-01-16", "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-103/index.html" }, { "category": "external", "summary": "IBM Security Bulletin 7153639 vom 2024-05-17", "url": "https://www.ibm.com/support/pages/node/7153639" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3061 vom 2024-05-28", "url": "https://linux.oracle.com/errata/ELSA-2024-3061.html" } ], "source_lang": "en-US", "title": "FasterXML Jackson: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2024-05-28T22:00:00.000+00:00", "generator": { "date": "2024-05-29T08:08:01.592+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0360", "initial_release_date": "2022-05-02T22:00:00.000+00:00", "revision_history": [ { "date": "2022-05-02T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-05-08T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von NetApp aufgenommen" }, { "date": "2022-05-12T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-05-16T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-06-16T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-06-23T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-07-14T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-08-14T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-09-11T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-09-20T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2022-10-03T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates aufgenommen" }, { "date": "2022-10-04T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-05T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-03T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-16T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-17T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-11-27T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-12-07T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-08T23:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-01-19T23:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-02T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2023-05-09T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-22T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2024-01-15T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2024-01-25T23:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2024-05-16T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Oracle Linux aufgenommen" } ], "status": "final", "version": "27" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Dell NetWorker", "product": { "name": "Dell NetWorker", "product_id": "T024663", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:-" } } }, { "category": "product_version_range", "name": "\u003c19.10", "product": { "name": "Dell NetWorker \u003c19.10", "product_id": "T032354", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:19.10" } } } ], "category": "product_name", "name": "NetWorker" } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2.13.2.2", "product": { "name": "FasterXML Jackson \u003c2.13.2.2", "product_id": "T023026", "product_identification_helper": { "cpe": "cpe:/a:fasterxml:jackson:2.13.2.2" } } }, { "category": "product_version_range", "name": "\u003c2.12.6.1", "product": { "name": "FasterXML Jackson \u003c2.12.6.1", "product_id": "T023027", "product_identification_helper": { "cpe": "cpe:/a:fasterxml:jackson:2.12.6.1" } } } ], "category": "product_name", "name": "Jackson" } ], "category": "vendor", "name": "FasterXML" }, { "branches": [ { "category": "product_name", "name": "HCL Commerce", "product": { "name": "HCL Commerce", "product_id": "T019293", "product_identification_helper": { "cpe": "cpe:/a:hcltechsw:commerce:-" } } } ], "category": "vendor", "name": "HCL" }, { "branches": [ { "category": "product_name", "name": "Hitachi Command Suite", "product": { "name": "Hitachi Command Suite", "product_id": "T010951", "product_identification_helper": { "cpe": "cpe:/a:hitachi:command_suite:-" } } }, { "category": "product_name", "name": "Hitachi Ops Center", "product": { "name": "Hitachi Ops Center", "product_id": "T017562", "product_identification_helper": { "cpe": "cpe:/a:hitachi:ops_center:-" } } } ], "category": "vendor", "name": "Hitachi" }, { "branches": [ { "category": "product_name", "name": "IBM Business Automation Workflow", "product": { "name": "IBM Business Automation Workflow", "product_id": "T019704", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:-" } } }, { "category": "product_name", "name": "IBM Business Process Manager", "product": { "name": "IBM Business Process Manager", "product_id": "T012431", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_process_manager:-" } } }, { "category": "product_name", "name": "IBM MQ", "product": { "name": "IBM MQ", "product_id": "T021398", "product_identification_helper": { "cpe": "cpe:/a:ibm:mq:-" } } }, { "branches": [ { "category": "product_version", "name": "7.6.1", "product": { "name": "IBM Maximo Asset Management 7.6.1", "product_id": "389168", "product_identification_helper": { "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1" } } } ], "category": "product_name", "name": "Maximo Asset Management" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c7.46.3", "product": { "name": "JFrog Artifactory \u003c7.46.3", "product_id": "T024764", "product_identification_helper": { "cpe": "cpe:/a:jfrog:artifactory:7.46.3" } } } ], "category": "product_name", "name": "Artifactory" } ], "category": "vendor", "name": "JFrog" }, { "branches": [ { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "T016960", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:-" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", "name": "Red Hat OpenShift", "product": { "name": "Red Hat OpenShift", "product_id": "T008027", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in FasterXML Jackson. Der Fehler besteht aufgrund einer Java StackOverflow-Exception wegen einer hohen Anzahl von verschachtelten Objekten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T008027", "67646", "T010951", "389168", "T019293", "T012431", "T004914", "T016960", "T032354", "T017562", "2951", "T002207", "T019704", "T024663", "T024764", "T021398" ] }, "release_date": "2022-05-02T22:00:00Z", "title": "CVE-2020-36518" } ] }
wid-sec-w-2023-1548
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1548 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1548.json" }, { "category": "self", "summary": "WID-SEC-2023-1548 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1548" }, { "category": "external", "summary": "IBM Security Bulletin vom 2023-10-27", "url": "https://www.ibm.com/support/pages/node/7060803" }, { "category": "external", "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22", "url": "https://www.ibm.com/support/pages/node/7006069" }, { "category": "external", "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22", "url": "https://www.ibm.com/support/pages/node/7006085" }, { "category": "external", "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22", "url": "https://www.ibm.com/support/pages/node/7006083" }, { "category": "external", "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22", "url": "https://www.ibm.com/support/pages/node/7006081" }, { "category": "external", "summary": "IBM Security Bulletin: 7006057 vom 2023-06-22", "url": "https://www.ibm.com/support/pages/node/7006057" } ], "source_lang": "en-US", "title": "IBM QRadar SIEM: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-29T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:32:25.886+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1548", "initial_release_date": "2023-06-22T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-22T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-10-29T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM QRadar SIEM 7.5.0", "product": { "name": "IBM QRadar SIEM 7.5.0", "product_id": "T023574", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5.0" } } }, { "category": "product_name", "name": "IBM QRadar SIEM \u003c 7.5.0 UP6", "product": { "name": "IBM QRadar SIEM \u003c 7.5.0 UP6", "product_id": "T028300", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up6" } } } ], "category": "product_name", "name": "QRadar SIEM" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-26276", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-26276" }, { "cve": "CVE-2023-26274", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-26274" }, { "cve": "CVE-2023-26273", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-26273" }, { "cve": "CVE-2022-39135", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-39135" }, { "cve": "CVE-2022-34352", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-34352" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-35491", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-35491" }, { "cve": "CVE-2020-35490", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-35490" }, { "cve": "CVE-2020-13955", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-13955" }, { "cve": "CVE-2020-11971", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-11971" }, { "cve": "CVE-2018-7489", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen im Kernsystem als auch in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen verursachen." } ], "product_status": { "known_affected": [ "T023574" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2018-7489" } ] }
wid-sec-w-2024-0794
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Dell ECS ist ein Objektspeichersystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0794 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json" }, { "category": "self", "summary": "WID-SEC-2024-0794 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-141 vom 2024-04-04", "url": "https://www.dell.com/support/kbdoc/000223839/dsa-2024-=" } ], "source_lang": "en-US", "title": "Dell ECS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-04T22:00:00.000+00:00", "generator": { "date": "2024-04-05T09:37:24.604+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0794", "initial_release_date": "2024-04-04T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-04T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 3.8.1.0", "product": { "name": "Dell ECS \u003c 3.8.1.0", "product_id": "T033919", "product_identification_helper": { "cpe": "cpe:/h:dell:ecs:3.8.1.0" } } } ], "category": "product_name", "name": "ECS" } ], "category": "vendor", "name": "Dell" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-18074", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2018-18074" }, { "cve": "CVE-2020-10663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10663" }, { "cve": "CVE-2020-10672", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10672" }, { "cve": "CVE-2020-10673", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10673" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10735" }, { "cve": "CVE-2020-10968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10968" }, { "cve": "CVE-2020-10969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10969" }, { "cve": "CVE-2020-11111", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11111" }, { "cve": "CVE-2020-11112", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11112" }, { "cve": "CVE-2020-11113", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11113" }, { "cve": "CVE-2020-11612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11612" }, { "cve": "CVE-2020-11619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11619" }, { "cve": "CVE-2020-11620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11620" }, { "cve": "CVE-2020-11979", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11979" }, { "cve": "CVE-2020-12762", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12762" }, { "cve": "CVE-2020-12825", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12825" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-13956" }, { "cve": "CVE-2020-14060", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14060" }, { "cve": "CVE-2020-14061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14061" }, { "cve": "CVE-2020-14062", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14062" }, { "cve": "CVE-2020-14195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14195" }, { "cve": "CVE-2020-15250", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-15250" }, { "cve": "CVE-2020-1945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1945" }, { "cve": "CVE-2020-1967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1967" }, { "cve": "CVE-2020-1971", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1971" }, { "cve": "CVE-2020-24616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24616" }, { "cve": "CVE-2020-24750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24750" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-25658", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25658" }, { "cve": "CVE-2020-26116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26116" }, { "cve": "CVE-2020-26137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26137" }, { "cve": "CVE-2020-26541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26541" }, { "cve": "CVE-2020-27216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27216" }, { "cve": "CVE-2020-27218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27218" }, { "cve": "CVE-2020-27223", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27223" }, { "cve": "CVE-2020-28366", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28366" }, { "cve": "CVE-2020-28493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28493" }, { "cve": "CVE-2020-29509", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29509" }, { "cve": "CVE-2020-29511", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29511" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-29651", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29651" }, { "cve": "CVE-2020-35490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35490" }, { "cve": "CVE-2020-35491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35491" }, { "cve": "CVE-2020-35728", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35728" }, { "cve": "CVE-2020-36179", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36179" }, { "cve": "CVE-2020-36180", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36180" }, { "cve": "CVE-2020-36181", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36181" }, { "cve": "CVE-2020-36182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36182" }, { "cve": "CVE-2020-36183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36183" }, { "cve": "CVE-2020-36184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36184" }, { "cve": "CVE-2020-36185", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36185" }, { "cve": "CVE-2020-36186", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36186" }, { "cve": "CVE-2020-36187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36187" }, { "cve": "CVE-2020-36188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36188" }, { "cve": "CVE-2020-36189", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36189" }, { "cve": "CVE-2020-36516", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36516" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-36557", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36557" }, { "cve": "CVE-2020-36558", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36558" }, { "cve": "CVE-2020-36691", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36691" }, { "cve": "CVE-2020-7238", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-7238" }, { "cve": "CVE-2020-8840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8840" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2020-8911", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8911" }, { "cve": "CVE-2020-8912", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8912" }, { "cve": "CVE-2020-9488", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9488" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-9546", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9546" }, { "cve": "CVE-2020-9547", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9547" }, { "cve": "CVE-2020-9548", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9548" }, { "cve": "CVE-2021-20190", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20190" }, { "cve": "CVE-2021-20323", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20323" }, { "cve": "CVE-2021-21290", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21290" }, { "cve": "CVE-2021-21295", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21295" }, { "cve": "CVE-2021-21409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21409" }, { "cve": "CVE-2021-23840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23840" }, { "cve": "CVE-2021-23841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23841" }, { "cve": "CVE-2021-2471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-2471" }, { "cve": "CVE-2021-25642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-25642" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-28153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28153" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28165" }, { "cve": "CVE-2021-28169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28169" }, { "cve": "CVE-2021-28861", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28861" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-30560", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-30560" }, { "cve": "CVE-2021-3114", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3114" }, { "cve": "CVE-2021-33036", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33036" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33503" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3424" }, { "cve": "CVE-2021-34428", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-34428" }, { "cve": "CVE-2021-3449", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3450" }, { "cve": "CVE-2021-3530", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3530" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36373" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-3648", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3648" }, { "cve": "CVE-2021-36690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36690" }, { "cve": "CVE-2021-3711", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3711" }, { "cve": "CVE-2021-3712", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3712" }, { "cve": "CVE-2021-37136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37136" }, { "cve": "CVE-2021-37137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37137" }, { "cve": "CVE-2021-37404", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37404" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-3754", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3754" }, { "cve": "CVE-2021-3778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3778" }, { "cve": "CVE-2021-3796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3796" }, { "cve": "CVE-2021-3826", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3826" }, { "cve": "CVE-2021-3827", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3827" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-3872", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3872" }, { "cve": "CVE-2021-3875", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3875" }, { "cve": "CVE-2021-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3903" }, { "cve": "CVE-2021-3923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3923" }, { "cve": "CVE-2021-3927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3927" }, { "cve": "CVE-2021-3928", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3928" }, { "cve": "CVE-2021-3968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3968" }, { "cve": "CVE-2021-3973", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3973" }, { "cve": "CVE-2021-3974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3974" }, { "cve": "CVE-2021-3984", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3984" }, { "cve": "CVE-2021-4019", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4019" }, { "cve": "CVE-2021-4037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4037" }, { "cve": "CVE-2021-4069", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4069" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4104" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4136" }, { "cve": "CVE-2021-4157", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4157" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4203", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4203" }, { "cve": "CVE-2021-42567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-42567" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-43797" }, { "cve": "CVE-2021-44531", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44531" }, { "cve": "CVE-2021-44532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44532" }, { "cve": "CVE-2021-44533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44533" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44878", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44878" }, { "cve": "CVE-2021-45078", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-45078" }, { "cve": "CVE-2021-46195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46195" }, { "cve": "CVE-2021-46828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46828" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0128" }, { "cve": "CVE-2022-0213", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0213" }, { "cve": "CVE-2022-0225", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0225" }, { "cve": "CVE-2022-0261", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0261" }, { "cve": "CVE-2022-0318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0318" }, { "cve": "CVE-2022-0319", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0319" }, { "cve": "CVE-2022-0351", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0351" }, { "cve": "CVE-2022-0359", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0359" }, { "cve": "CVE-2022-0361", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0361" }, { "cve": "CVE-2022-0392", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0392" }, { "cve": "CVE-2022-0407", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0407" }, { "cve": "CVE-2022-0413", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0413" }, { "cve": "CVE-2022-0561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0561" }, { "cve": "CVE-2022-0696", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0696" }, { "cve": "CVE-2022-0778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0778" }, { "cve": "CVE-2022-1184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1184" }, { "cve": "CVE-2022-1245", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1245" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-1292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1292" }, { "cve": "CVE-2022-1381", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1381" }, { "cve": "CVE-2022-1420", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1420" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-1466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1466" }, { "cve": "CVE-2022-1471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1471" }, { "cve": "CVE-2022-1586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1586" }, { "cve": "CVE-2022-1587", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1587" }, { "cve": "CVE-2022-1616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1616" }, { "cve": "CVE-2022-1619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1619" }, { "cve": "CVE-2022-1620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1620" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1720", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1720" }, { "cve": "CVE-2022-1729", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1729" }, { "cve": "CVE-2022-1733", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1733" }, { "cve": "CVE-2022-1735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1735" }, { "cve": "CVE-2022-1771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1771" }, { "cve": "CVE-2022-1785", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1785" }, { "cve": "CVE-2022-1796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1796" }, { "cve": "CVE-2022-1851", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1851" }, { "cve": "CVE-2022-1897", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1897" }, { "cve": "CVE-2022-1898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1898" }, { "cve": "CVE-2022-1927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1927" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1968" }, { "cve": "CVE-2022-1974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1974" }, { "cve": "CVE-2022-1975", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1975" }, { "cve": "CVE-2022-20132", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20132" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-20154", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20154" }, { "cve": "CVE-2022-20166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20166" }, { "cve": "CVE-2022-20368", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20368" }, { "cve": "CVE-2022-20369", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20369" }, { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2022-2048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2048" }, { "cve": "CVE-2022-20567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20567" }, { "cve": "CVE-2022-2068", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2068" }, { "cve": "CVE-2022-2097", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2097" }, { "cve": "CVE-2022-21216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21216" }, { "cve": "CVE-2022-21233", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21233" }, { "cve": "CVE-2022-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2124" }, { "cve": "CVE-2022-2125", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2125" }, { "cve": "CVE-2022-2126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2126" }, { "cve": "CVE-2022-2129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2129" }, { "cve": "CVE-2022-21363", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21363" }, { "cve": "CVE-2022-21385", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21385" }, { "cve": "CVE-2022-21499", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21499" }, { "cve": "CVE-2022-2153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2153" }, { "cve": "CVE-2022-21540", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21540" }, { "cve": "CVE-2022-21541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21541" }, { "cve": "CVE-2022-21549", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21549" }, { "cve": "CVE-2022-21618", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21618" }, { "cve": "CVE-2022-21619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21619" }, { "cve": "CVE-2022-21624", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21624" }, { "cve": "CVE-2022-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21626" }, { "cve": "CVE-2022-21628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21628" }, { "cve": "CVE-2022-21702", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21702" }, { "cve": "CVE-2022-2175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2175" }, { "cve": "CVE-2022-2182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2182" }, { "cve": "CVE-2022-2183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2183" }, { "cve": "CVE-2022-2206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2206" }, { "cve": "CVE-2022-2207", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2207" }, { "cve": "CVE-2022-2208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2208" }, { "cve": "CVE-2022-2210", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2210" }, { "cve": "CVE-2022-2231", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2231" }, { "cve": "CVE-2022-2256", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2256" }, { "cve": "CVE-2022-2257", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2257" }, { "cve": "CVE-2022-2264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2264" }, { "cve": "CVE-2022-2284", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2284" }, { "cve": "CVE-2022-2285", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2285" }, { "cve": "CVE-2022-2286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2286" }, { "cve": "CVE-2022-2287", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2287" }, { "cve": "CVE-2022-22976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22976" }, { "cve": "CVE-2022-22978", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22978" }, { "cve": "CVE-2022-2304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2304" }, { "cve": "CVE-2022-2318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2318" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-2343", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2343" }, { "cve": "CVE-2022-2344", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2344" }, { "cve": "CVE-2022-2345", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2345" }, { "cve": "CVE-2022-23471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23471" }, { "cve": "CVE-2022-23521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23521" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-24302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24302" }, { "cve": "CVE-2022-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24329" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-2503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2503" }, { "cve": "CVE-2022-25147", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25147" }, { "cve": "CVE-2022-25168", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25168" }, { "cve": "CVE-2022-2519", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2519" }, { "cve": "CVE-2022-2520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2520" }, { "cve": "CVE-2022-2521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2521" }, { "cve": "CVE-2022-2522", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2522" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2022-2571", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2571" }, { "cve": "CVE-2022-2580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2580" }, { "cve": "CVE-2022-2581", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2581" }, { "cve": "CVE-2022-25857", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25857" }, { "cve": "CVE-2022-2588", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2588" }, { "cve": "CVE-2022-2598", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2598" }, { "cve": "CVE-2022-26148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26148" }, { "cve": "CVE-2022-26365", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26365" }, { "cve": "CVE-2022-26373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26373" }, { "cve": "CVE-2022-2639", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2639" }, { "cve": "CVE-2022-26612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26612" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-27943", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27943" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-2816", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2816" }, { "cve": "CVE-2022-2817", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2817" }, { "cve": "CVE-2022-2819", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2819" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2845", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2845" }, { "cve": "CVE-2022-2849", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2849" }, { "cve": "CVE-2022-2862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2862" }, { "cve": "CVE-2022-2867", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2867" }, { "cve": "CVE-2022-2868", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2868" }, { "cve": "CVE-2022-2869", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2869" }, { "cve": "CVE-2022-28693", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28693" }, { "cve": "CVE-2022-2874", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2874" }, { "cve": "CVE-2022-28748", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28748" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2889" }, { "cve": "CVE-2022-29162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29162" }, { "cve": "CVE-2022-29187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29187" }, { "cve": "CVE-2022-2923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2923" }, { "cve": "CVE-2022-2946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2946" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29583", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29583" }, { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2977", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2977" }, { "cve": "CVE-2022-2980", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2980" }, { "cve": "CVE-2022-2982", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2982" }, { "cve": "CVE-2022-29900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29900" }, { "cve": "CVE-2022-29901", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29901" }, { "cve": "CVE-2022-2991", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2991" }, { "cve": "CVE-2022-3016", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3016" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3028" }, { "cve": "CVE-2022-3037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3037" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-3099", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3099" }, { "cve": "CVE-2022-31030", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31030" }, { "cve": "CVE-2022-31159", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31159" }, { "cve": "CVE-2022-3134", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3134" }, { "cve": "CVE-2022-3153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3153" }, { "cve": "CVE-2022-3169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3169" }, { "cve": "CVE-2022-31690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31690" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-3234", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3234" }, { "cve": "CVE-2022-3235", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3235" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-3278", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3278" }, { "cve": "CVE-2022-3296", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3296" }, { "cve": "CVE-2022-3297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3297" }, { "cve": "CVE-2022-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33196" }, { "cve": "CVE-2022-3324", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3324" }, { "cve": "CVE-2022-3352", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3352" }, { "cve": "CVE-2022-33740", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33740" }, { "cve": "CVE-2022-33741", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33741" }, { "cve": "CVE-2022-33742", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33742" }, { "cve": "CVE-2022-33972", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33972" }, { "cve": "CVE-2022-33981", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33981" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3424" }, { "cve": "CVE-2022-34266", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34266" }, { "cve": "CVE-2022-34526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34526" }, { "cve": "CVE-2022-34903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34903" }, { "cve": "CVE-2022-3491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3491" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3520" }, { "cve": "CVE-2022-3521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3521" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3542", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3542" }, { "cve": "CVE-2022-3545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3545" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3565", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3565" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-3586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3586" }, { "cve": "CVE-2022-3591", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3591" }, { "cve": "CVE-2022-3594", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3594" }, { "cve": "CVE-2022-3597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3597" }, { "cve": "CVE-2022-3599", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3599" }, { "cve": "CVE-2022-36109", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36109" }, { "cve": "CVE-2022-3621", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3621" }, { "cve": "CVE-2022-3626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3626" }, { "cve": "CVE-2022-3627", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3627" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-36280", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36280" }, { "cve": "CVE-2022-3629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3629" }, { "cve": "CVE-2022-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3635" }, { "cve": "CVE-2022-3643", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3643" }, { "cve": "CVE-2022-36437", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36437" }, { "cve": "CVE-2022-3646", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3646" }, { "cve": "CVE-2022-3649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3649" }, { "cve": "CVE-2022-36760", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36760" }, { "cve": "CVE-2022-36879", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36879" }, { "cve": "CVE-2022-36946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36946" }, { "cve": "CVE-2022-3705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3705" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-37865", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37865" }, { "cve": "CVE-2022-37866", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37866" }, { "cve": "CVE-2022-38090", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38090" }, { "cve": "CVE-2022-38096", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38096" }, { "cve": "CVE-2022-38126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38126" }, { "cve": "CVE-2022-38127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38127" }, { "cve": "CVE-2022-38177", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38177" }, { "cve": "CVE-2022-38178", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38178" }, { "cve": "CVE-2022-3821", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3821" }, { "cve": "CVE-2022-38533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38533" }, { "cve": "CVE-2022-38749", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38749" }, { "cve": "CVE-2022-38750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38750" }, { "cve": "CVE-2022-38751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38751" }, { "cve": "CVE-2022-38752", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38752" }, { "cve": "CVE-2022-39028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39028" }, { "cve": "CVE-2022-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3903" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-39399", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39399" }, { "cve": "CVE-2022-3970", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3970" }, { "cve": "CVE-2022-40149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40149" }, { "cve": "CVE-2022-40150", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40150" }, { "cve": "CVE-2022-40151", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40151" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40153" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40307" }, { "cve": "CVE-2022-40674", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40674" }, { "cve": "CVE-2022-40768", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40768" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-4095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4095" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-4141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4141" }, { "cve": "CVE-2022-41717", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41717" }, { "cve": "CVE-2022-41721", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41721" }, { "cve": "CVE-2022-41848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41848" }, { "cve": "CVE-2022-41850", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41850" }, { "cve": "CVE-2022-41854", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41854" }, { "cve": "CVE-2022-41858", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41858" }, { "cve": "CVE-2022-41881", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41881" }, { "cve": "CVE-2022-41903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41903" }, { "cve": "CVE-2022-41915", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41915" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42328" }, { "cve": "CVE-2022-42329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42329" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42895", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42895" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-4292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4292" }, { "cve": "CVE-2022-4293", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4293" }, { "cve": "CVE-2022-42969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42969" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-43995", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43995" }, { "cve": "CVE-2022-4415", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4415" }, { "cve": "CVE-2022-4450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4450" }, { "cve": "CVE-2022-44638", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-44638" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-45884", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45884" }, { "cve": "CVE-2022-45885", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45885" }, { "cve": "CVE-2022-45886", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45886" }, { "cve": "CVE-2022-45887", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45887" }, { "cve": "CVE-2022-45919", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45919" }, { "cve": "CVE-2022-45934", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45934" }, { "cve": "CVE-2022-45939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45939" }, { "cve": "CVE-2022-4662", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4662" }, { "cve": "CVE-2022-46751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46751" }, { "cve": "CVE-2022-46908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46908" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-48281", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48281" }, { "cve": "CVE-2022-48337", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48337" }, { "cve": "CVE-2022-48339", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48339" }, { "cve": "CVE-2023-0045", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0045" }, { "cve": "CVE-2023-0049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0049" }, { "cve": "CVE-2023-0051", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0051" }, { "cve": "CVE-2023-0054", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0054" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0288", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0288" }, { "cve": "CVE-2023-0433", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0433" }, { "cve": "CVE-2023-0464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0464" }, { "cve": "CVE-2023-0465", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0465" }, { "cve": "CVE-2023-0466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0466" }, { "cve": "CVE-2023-0512", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0512" }, { "cve": "CVE-2023-0590", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0590" }, { "cve": "CVE-2023-0597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0597" }, { "cve": "CVE-2023-0833", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0833" }, { "cve": "CVE-2023-1076", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1076" }, { "cve": "CVE-2023-1095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1095" }, { "cve": "CVE-2023-1118", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1118" }, { "cve": "CVE-2023-1127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1127" }, { "cve": "CVE-2023-1170", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1170" }, { "cve": "CVE-2023-1175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1175" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2023-1380", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1380" }, { "cve": "CVE-2023-1390", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1390" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1436" }, { "cve": "CVE-2023-1513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1513" }, { "cve": "CVE-2023-1611", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1611" }, { "cve": "CVE-2023-1670", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1670" }, { "cve": "CVE-2023-1855", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1855" }, { "cve": "CVE-2023-1989", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1989" }, { "cve": "CVE-2023-1990", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1990" }, { "cve": "CVE-2023-1998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1998" }, { "cve": "CVE-2023-20862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-20862" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-2162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2162" }, { "cve": "CVE-2023-2176", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2176" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-21835", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21835" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-22490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22490" }, { "cve": "CVE-2023-2253", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2253" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-23455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23455" }, { "cve": "CVE-2023-23559", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23559" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-23946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23946" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-24532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24532" }, { "cve": "CVE-2023-24534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24534" }, { "cve": "CVE-2023-2483", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2483" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-2513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2513" }, { "cve": "CVE-2023-25193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25193" }, { "cve": "CVE-2023-25652", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25652" }, { "cve": "CVE-2023-25690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25690" }, { "cve": "CVE-2023-25809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25809" }, { "cve": "CVE-2023-25815", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25815" }, { "cve": "CVE-2023-26048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26048" }, { "cve": "CVE-2023-26049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26049" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26545" }, { "cve": "CVE-2023-26604", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26604" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-27561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27561" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-28320", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28320" }, { "cve": "CVE-2023-28321", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28321" }, { "cve": "CVE-2023-28322", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28322" }, { "cve": "CVE-2023-28328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28328" }, { "cve": "CVE-2023-28464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28464" }, { "cve": "CVE-2023-28486", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28486" }, { "cve": "CVE-2023-28487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28487" }, { "cve": "CVE-2023-28642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28642" }, { "cve": "CVE-2023-28772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28772" }, { "cve": "CVE-2023-28840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28840" }, { "cve": "CVE-2023-28841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28841" }, { "cve": "CVE-2023-28842", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28842" }, { "cve": "CVE-2023-29007", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29007" }, { "cve": "CVE-2023-29383", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29383" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29406", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29406" }, { "cve": "CVE-2023-29409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29409" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30630" }, { "cve": "CVE-2023-30772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30772" }, { "cve": "CVE-2023-31084", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31084" }, { "cve": "CVE-2023-3138", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3138" }, { "cve": "CVE-2023-31436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31436" }, { "cve": "CVE-2023-31484", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31484" }, { "cve": "CVE-2023-32269", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32269" }, { "cve": "CVE-2023-32697", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32697" }, { "cve": "CVE-2023-33264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-33264" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-34035", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34035" }, { "cve": "CVE-2023-34453", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34453" }, { "cve": "CVE-2023-34454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34454" }, { "cve": "CVE-2023-34455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34455" }, { "cve": "CVE-2023-34462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34462" }, { "cve": "CVE-2023-35116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-35116" }, { "cve": "CVE-2023-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3635" }, { "cve": "CVE-2023-36479", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-36479" }, { "cve": "CVE-2023-39533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-39533" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-40217", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40217" }, { "cve": "CVE-2023-41105", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41105" }, { "cve": "CVE-2023-41900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41900" }, { "cve": "CVE-2023-43642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43642" }, { "cve": "CVE-2023-43804", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43804" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45803", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-45803" }, { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2024-21626" } ] }
gsd-2020-36518
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2020-36518", "description": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.", "id": "GSD-2020-36518", "references": [ "https://www.suse.com/security/cve/CVE-2020-36518.html", "https://access.redhat.com/errata/RHSA-2022:2232", "https://access.redhat.com/errata/RHSA-2022:4918", "https://access.redhat.com/errata/RHSA-2022:4919", "https://access.redhat.com/errata/RHSA-2022:4922", "https://access.redhat.com/errata/RHSA-2022:5029", "https://access.redhat.com/errata/RHSA-2022:5101", "https://access.redhat.com/errata/RHSA-2022:5532", "https://access.redhat.com/errata/RHSA-2022:5596", "https://www.debian.org/security/2022/dsa-5283", "https://access.redhat.com/errata/RHSA-2022:6407", "https://access.redhat.com/errata/RHSA-2022:6782", "https://access.redhat.com/errata/RHSA-2022:6783", "https://access.redhat.com/errata/RHSA-2022:6787", "https://access.redhat.com/errata/RHSA-2022:6819", "https://access.redhat.com/errata/RHSA-2022:7409", "https://access.redhat.com/errata/RHSA-2022:7410", "https://access.redhat.com/errata/RHSA-2022:7411", "https://access.redhat.com/errata/RHSA-2022:7417", "https://access.redhat.com/errata/RHSA-2022:7435", "https://access.redhat.com/errata/RHSA-2022:8781", "https://access.redhat.com/errata/RHSA-2022:8889", "https://access.redhat.com/errata/RHSA-2023:0264", "https://access.redhat.com/errata/RHSA-2022:6813" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-36518" ], "details": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.", "id": "GSD-2020-36518", "modified": "2023-12-13T01:21:55.790342Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FasterXML/jackson-databind/issues/2816", "refsource": "MISC", "url": "https://github.com/FasterXML/jackson-databind/issues/2816" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220506-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "name": "DSA-5283", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5283" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,2.12.6.1),[2.13.0,2.13.2.1)", "affected_versions": "All versions before 2.12.6.1, all versions starting from 2.13.0 before 2.13.2.1", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-03-22", "description": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.", "fixed_versions": [ "2.12.6.1", "2.13.2.1" ], "identifier": "CVE-2020-36518", "identifiers": [ "GHSA-57j2-w4cx-62h2", "CVE-2020-36518" ], "not_impacted": "All versions starting from 2.12.6.1 before 2.13.0, all versions starting from 2.13.2.1", "package_slug": "maven/com.fasterxml.jackson.core/jackson-databind", "pubdate": "2022-03-12", "solution": "Upgrade to version 2.12.6.1, 2.12.2.1 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "https://github.com/FasterXML/jackson-databind/issues/2816", "https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b", "https://github.com/advisories/GHSA-57j2-w4cx-62h2" ], "uuid": "1d7c5b63-2a0a-4f44-9cc9-cea7c89640d0" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.6.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.13.2.1", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "23.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.0.6.0", "versionStartIncluding": "12.0.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.9.4.2.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.18", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.13", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.1", "versionStartIncluding": "21.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.14", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.25.4", "versionStartIncluding": "18.8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.19.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0.0", "versionStartIncluding": "8.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.4.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.20.4", "versionStartIncluding": "17.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36518" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FasterXML/jackson-databind/issues/2816", "refsource": "MISC", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/FasterXML/jackson-databind/issues/2816" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update", "refsource": "MLIST", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220506-0004/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "DSA-5283", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2022-11-29T22:12Z", "publishedDate": "2022-03-11T07:15Z" } } }
ghsa-57j2-w4cx-62h2
Vulnerability from github
jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 2.13.2.0" }, "package": { "ecosystem": "Maven", "name": "com.fasterxml.jackson.core:jackson-databind" }, "ranges": [ { "events": [ { "introduced": "2.13.0" }, { "fixed": "2.13.2.1" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.12.6.0" }, "package": { "ecosystem": "Maven", "name": "com.fasterxml.jackson.core:jackson-databind" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.12.6.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-36518" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": true, "github_reviewed_at": "2022-03-22T14:36:44Z", "nvd_published_at": "2022-03-11T07:15:00Z", "severity": "HIGH" }, "details": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", "id": "GHSA-57j2-w4cx-62h2", "modified": "2024-03-15T00:24:56Z", "published": "2022-03-12T00:00:36Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/issues/2816" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b" }, { "type": "PACKAGE", "url": "https://github.com/FasterXML/jackson-databind" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20220506-0004" }, { "type": "WEB", "url": "https://www.debian.org/security/2022/dsa-5283" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Deeply nested json in jackson-databind" }
var-202203-1400
Vulnerability from variot
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
Security Fix(es):
-
chart.js: prototype pollution (CVE-2020-7746)
-
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
-
package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
-
artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
-
Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
-
cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
-
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
-
jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
-
jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
-
Moment.js: Path traversal in moment.locale (CVE-2022-24785)
-
org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
-
org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
-
parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
-
xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
-
eventsource: Exposure of Sensitive Information (CVE-2022-1650)
-
mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
-
node-forge: Signature verification leniency in checking
digestAlgorithm
structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Red Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link. You must log in to download the update. Bugs fixed (https://bugzilla.redhat.com/):
2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2066009 - CVE-2021-44906 minimist: prototype pollution
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking digestAlgorithm
structure can lead to signature forgery
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
2096966 - CVE-2020-7746 chart.js: prototype pollution
2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack
- Description:
Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection 2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - noarch
- Description:
Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Data Grid 8.3.1 security update Advisory ID: RHSA-2022:2232-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:2232 Issue date: 2022-05-12 CVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 =====================================================================
- Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3].
Security Fix(es):
-
jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518)
-
kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153)
-
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 8.3.1 Server patch from the customer portal[²].
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 8.3.1 Server patch.
- Restart Data Grid to ensure the changes take effect.
For more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[³]
- Bugs fixed (https://bugzilla.redhat.com/):
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
- References:
https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP WArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt c2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO lxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8 yVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6 /13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0 8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ YY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI dzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO XyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn Vt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy IZnZKy4mPpA= =6Kqs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3252 - [release-5.4]Adding Valid Subscription Annotation
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1400", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications cloud native core console", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.20.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.25.4" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "global lifecycle management nextgen oui framework", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.5.0" }, { "model": "financial services behavior detection platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "big data spatial and graph", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "23.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.18" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.12.6.1" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.1" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.2" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.5.0" }, { "model": "communications cloud native core service communication proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "communications cloud native core binding support function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.3" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.2.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.1" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "financial services behavior detection platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.30" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.3.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.14" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "financial services enterprise case management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "communications billing and revenue management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.6.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.19.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.0.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "21.12.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0.5.2" }, { "model": "spatial studio", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "20.1.0" }, { "model": "cloud insights acquisition unit", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "financial services enterprise case management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "graph server and client", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0.0" }, { "model": "global lifecycle management nextgen oui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.13" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.4.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.6.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.13.2.1", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "23.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.0.6.0", "versionStartIncluding": "12.0.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.9.4.2.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.18", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.13", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.1", "versionStartIncluding": "21.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.14", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.25.4", "versionStartIncluding": "18.8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.19.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0.0", "versionStartIncluding": "8.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.4.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.20.4", "versionStartIncluding": "17.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 0.9 }, "cve": "CVE-2020-36518", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-415522", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36518", "trust": 1.0, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-415522", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. A type confusion vulnerability can lead to a\nbypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack\n(CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized\nActor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability\n(CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin\nClasses (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution\n(CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution\n(CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in\nGitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML\ndocument payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes\ncan lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm`\nstructure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nRed Hat recommends that you halt the server by stopping the JBoss\nApplication Server process before installing this update. After installing\nthe update, restart the server by starting the JBoss Application Server\nprocess. \n\nThe References section of this erratum contains a download link. You must\nlog in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2096966 - CVE-2020-7746 chart.js: prototype pollution\n2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack\n\n5. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection\n2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - noarch\n\n3. Description:\n\nJackson is a suite of data-processing tools for Java, including the\nflagship streaming JSON parser / generator library, matching data-binding\nlibrary, and additional modules to process data encoded in various other\ndata formats. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.3.1 security update\nAdvisory ID: RHSA-2022:2232-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2232\nIssue date: 2022-05-12\nCVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. \n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects\n[jdg-8] (CVE-2020-36518)\n\n* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka\nConnect and Clients [jdg-8] (CVE-2021-38153)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of\nstderr [jdg-8] (CVE-2022-0084)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.3.1 Server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.3.1 Server patch. \n4. Restart Data Grid to ensure the changes take effect. \n\nFor more information about Data Grid 8.3.1, refer to the 8.3.1 Release\nNotes[\u00b3]\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2021-38153\nhttps://access.redhat.com/security/cve/CVE-2022-0084\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=8.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP\nWArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt\nc2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO\nlxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8\nyVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6\n/13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0\n8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ\nYY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI\ndzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO\nXyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn\nVt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy\nIZnZKy4mPpA=\n=6Kqs\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3252 - [release-5.4]Adding Valid Subscription Annotation\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-36518" }, { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 1.8 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-415522", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36518", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "169920", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169728", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168333", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169725", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167157", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169729", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168631", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168646", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170179", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170602", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167842", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167841", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167579", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169926", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167423", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167523", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167424", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-415522", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "172220", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "id": "VAR-202203-1400", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T22:05:19.247000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5283" }, { "trust": 1.1, "url": "https://github.com/fasterxml/jackson-databind/issues/2816" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-36518" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.9, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0866" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-42392" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-38153" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22132" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28164" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40690" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2471" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20289" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21724" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7746" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0722" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21724" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6782" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:2312" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7410" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7409" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7411" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=securitypatches\u0026version=8.3" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-32149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30293" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26716" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-37434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35527" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-11T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-09-09T16:15:16", "db": "PACKETSTORM", "id": "168333" }, { "date": "2022-10-06T12:37:43", "db": "PACKETSTORM", "id": "168638" }, { "date": "2022-10-05T14:27:31", "db": "PACKETSTORM", "id": "168631" }, { "date": "2023-05-09T15:20:56", "db": "PACKETSTORM", "id": "172220" }, { "date": "2022-11-04T13:44:06", "db": "PACKETSTORM", "id": "169729" }, { "date": "2022-11-04T13:43:56", "db": "PACKETSTORM", "id": "169728" }, { "date": "2022-11-04T13:43:17", "db": "PACKETSTORM", "id": "169725" }, { "date": "2022-05-12T16:34:47", "db": "PACKETSTORM", "id": "167157" }, { "date": "2022-11-17T13:23:05", "db": "PACKETSTORM", "id": "169920" }, { "date": "2022-03-11T07:15:07.800000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-29T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-11-29T22:12:38.183000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2022-6407-01", "sources": [ { "db": "PACKETSTORM", "id": "168333" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution, xss", "sources": [ { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" } ], "trust": 0.4 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.